Spyware Guard 2008

View previous topic View next topic Go down

Spyware Guard 2008

Post by lostdjinn on Tue Feb 24, 2009 4:52 am

So my roommate's computer is infected with Spyware Guard 2008 I've been trying to get rid of it for a while but I can't run -any- removal programs.

Here is my log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:17 PM, on 2/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Documents and Settings\All Users\Application Data\OneStepSrch\onestep210.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\OneStepSrch\onestep.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winscenter.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Daniel Frese\Desktop\hijackgpthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com;;*.local
R3 - URLSearchHook: (no name) - {D4D170C2-E953-EFAA-2C53-E65B502F6593} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {BED76CC0-FB03-FBF0-7006-F31A04C95C97} - (no file)
R3 - URLSearchHook: (no name) - {ECD23DC7-FC04-A9F7-7806-F31A04C95895} - (no file)
R3 - URLSearchHook: (no name) - {C1F394C4-0F5B-03A5-25F3-0C45717E2294} - (no file)
R3 - URLSearchHook: (no name) - {6D864C2F-D7B1-891E-962D-81CD596C86C1} - (no file)
R3 - URLSearchHook: (no name) - {38864C73-80B5-DF15-902D-81CD596C85C5} - (no file)
R3 - URLSearchHook: (no name) - {0D19E46B-74A9-7D0A-8F79-74129440E797} - (no file)
R3 - URLSearchHook: (no name) - {618D1874-81B5-D918-CD2D-81CD596C8391} - (no file)
R3 - URLSearchHook: (no name) - {0D43BB78-72BD-7B47-C74D-270795A1EF9C} - (no file)
R3 - URLSearchHook: (no name) - {43C11CA7-8E30-DCCF-1D70-D458107EF799} - (no file)
R3 - URLSearchHook: (no name) - {F47E3C7A-F7EE-F84E-9E4D-F7BAAE3547C7} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1BE2A844-6984-3503-A338-19E338EAAF9E} - (no file)
O2 - BHO: (no name) - {1DB2A647-69DD-3552-A338-19E338EAF89D} - (no file)
O2 - BHO: (no name) - {1FDAA2E0-3622-65D1-5031-353654EFAA97} - (no file)
O2 - BHO: (no name) - {24517587-BA4D-BCE3-6CE6-BD4ED3F59D9F} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {342C20C9-B308-B5FB-2F40-E2EBA940D4CB} - (no file)
O2 - BHO: (no name) - {4CAB93A1-5C67-07C1-46C1-5AA02DF9FF9E} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {8A1FCD3B-5CF3-0B08-D34C-57909CD66CCB} - (no file)
O2 - BHO: (no name) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - (no file)
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {BDAFFC34-32FE-385D-DA2C-31E674875C92} - (no file)
O2 - BHO: (no name) - {CF024F3D-DCA0-DC0D-8C0C-83ADDFBF73C3} - (no file)
O2 - BHO: (no name) - {E4F9AED0-3E1D-69EC-6C56-63B32CBF0AC1} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - [You must be registered and logged in to see this link.] Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Similar Pages - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - [You must be registered and logged in to see this link.] (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - [You must be registered and logged in to see this link.]
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - [You must be registered and logged in to see this link.]
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - [You must be registered and logged in to see this link.]
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - [You must be registered and logged in to see this link.]
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: chkdsk.dll
O21 - SSODL: ieModule - {6A154F30-5E17-439E-BF54-D025B58903D8} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
O21 - SSODL: InternetConnection - {DB6535EB-9DB7-42A4-8E60-945DBB9635AE} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\vqhabgoqzk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: OneStepSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\OneStepSrch\onestep210.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 14355 bytes

lostdjinn
Beginner
Beginner

Posts Posts : 2
Joined Joined : 2009-02-24
OS OS : Windows XP
Points Points : 28420
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Spyware Guard 2008

Post by Belahzur on Tue Feb 24, 2009 5:16 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R3 - URLSearchHook: (no name) - {D4D170C2-E953-EFAA-2C53-E65B502F6593} - (no file)
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - {BED76CC0-FB03-FBF0-7006-F31A04C95C97} - (no file)
    R3 - URLSearchHook: (no name) - {ECD23DC7-FC04-A9F7-7806-F31A04C95895} - (no file)
    R3 - URLSearchHook: (no name) - {C1F394C4-0F5B-03A5-25F3-0C45717E2294} - (no file)
    R3 - URLSearchHook: (no name) - {6D864C2F-D7B1-891E-962D-81CD596C86C1} - (no file)
    R3 - URLSearchHook: (no name) - {38864C73-80B5-DF15-902D-81CD596C85C5} - (no file)
    R3 - URLSearchHook: (no name) - {0D19E46B-74A9-7D0A-8F79-74129440E797} - (no file)
    R3 - URLSearchHook: (no name) - {618D1874-81B5-D918-CD2D-81CD596C8391} - (no file)
    R3 - URLSearchHook: (no name) - {0D43BB78-72BD-7B47-C74D-270795A1EF9C} - (no file)
    R3 - URLSearchHook: (no name) - {43C11CA7-8E30-DCCF-1D70-D458107EF799} - (no file)
    R3 - URLSearchHook: (no name) - {F47E3C7A-F7EE-F84E-9E4D-F7BAAE3547C7} - (no file)
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {1BE2A844-6984-3503-A338-19E338EAAF9E} - (no file)
    O2 - BHO: (no name) - {1DB2A647-69DD-3552-A338-19E338EAF89D} - (no file)
    O2 - BHO: (no name) - {1FDAA2E0-3622-65D1-5031-353654EFAA97} - (no file)
    O2 - BHO: (no name) - {24517587-BA4D-BCE3-6CE6-BD4ED3F59D9F} - (no file)
    O2 - BHO: (no name) - {342C20C9-B308-B5FB-2F40-E2EBA940D4CB} - (no file)
    O2 - BHO: (no name) - {4CAB93A1-5C67-07C1-46C1-5AA02DF9FF9E} - (no file)
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
    O2 - BHO: (no name) - {8A1FCD3B-5CF3-0B08-D34C-57909CD66CCB} - (no file)
    O2 - BHO: (no name) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - (no file)
    O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
    O2 - BHO: (no name) - {BDAFFC34-32FE-385D-DA2C-31E674875C92} - (no file)
    O2 - BHO: (no name) - {CF024F3D-DCA0-DC0D-8C0C-83ADDFBF73C3} - (no file)
    O2 - BHO: (no name) - {E4F9AED0-3E1D-69EC-6C56-63B32CBF0AC1} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
    O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
    O20 - AppInit_DLLs: chkdsk.dll
    O21 - SSODL: ieModule - {6A154F30-5E17-439E-BF54-D025B58903D8} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
    O21 - SSODL: InternetConnection - {DB6535EB-9DB7-42A4-8E60-945DBB9635AE} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\vqhabgoqzk.dll
    O23 - Service: OneStepSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\OneStepSrch\onestep210.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


  • Press "Fix Checked"
  • Close Hijack This.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+CCrying


Drivers to disable:
OneStepSrch Service
Viewpoint Manager Service

Drivers to delete:
OneStepSrch Service
Viewpoint Manager Service

Files to delete:
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\vqhabgoqzk.dll

Folders to delete:
C:\Program Files\Spyware Guard 2008
C:\Documents and Settings\All Users\Application Data\OneStepSrch
C:\Program Files\Viewpoint

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avengerís actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Spyware Guard 2008

Post by lostdjinn on Thu Feb 26, 2009 12:28 am

Thank you guys soooo much! It seems to be gone! I had been trying for weeks to get rid of that stupid thing myself and was like stumped.



Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "TDSSserv.sys" found!
ImagePath: \systemroot\system32\drivers\TDSSmxfe.sys
Driver disabled successfully.

Rootkit scan completed.

Driver "OneStepSrch Service" disabled successfully.
Driver "Viewpoint Manager Service" disabled successfully.
Driver "OneStepSrch Service" deleted successfully.
Driver "Viewpoint Manager Service" deleted successfully.
File "C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll" deleted successfully.
File "C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\vqhabgoqzk.dll" deleted successfully.
Folder "C:\Program Files\Spyware Guard 2008" deleted successfully.
Folder "C:\Documents and Settings\All Users\Application Data\OneStepSrch" deleted successfully.
Folder "C:\Program Files\Viewpoint" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

lostdjinn
Beginner
Beginner

Posts Posts : 2
Joined Joined : 2009-02-24
OS OS : Windows XP
Points Points : 28420
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Spyware Guard 2008

Post by Belahzur on Thu Feb 26, 2009 12:32 am

Hello.
Lets kill the rootkit.

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+CCrying


Drivers to delete:
TDSSserv.sys

Files to delete:
C:\WINDOWS\system32\drivers\TDSSmxfe.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avengerís actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum