
spyware guard 2008


Post by Madmax376 on Thu Mar 26, 2009 3:03 am

My laptop is infected with Spyware Guard 2008. I was able to put HijackThis on it and get a log. I was not able to do the rest of the things because I am not able to open Internet Explorer to get to your site and download them. I have tried to run Malwarebytes but once downloaded it will not let me open it. Thanks for taking the time to help me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:53 PM, on 3/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\DOCUME~1\MAXMER~1\LOCALS~1\Temp\1370291476.exe
C:\WINDOWS\system32\TPSBattM.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\Max Merkin\Application Data\U3\08A1396071815940\LaunchPad.exe
C:\Documents and Settings\Max Merkin\Desktop\hijackgpthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
O1 - Hosts: 82.98.235.133 securityresponse.symantec.com
O1 - Hosts: 82.98.235.133 speed-runner.com
O1 - Hosts: 82.98.235.133 url.adtrgt.com
O1 - Hosts: 82.98.235.133 us.mcafee.com
O1 - Hosts: 82.98.235.133 [You must be registered and logged in to see this link.]
O1 - Hosts: 82.98.235.133 [You must be registered and logged in to see this link.]
O1 - Hosts: 82.98.235.133 [You must be registered and logged in to see this link.]
O1 - Hosts: 82.98.235.133 [You must be registered and logged in to see this link.]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\nnnmlmjj.dll
O2 - BHO: C:\WINDOWS\system32\tyshb36rfjdf.dll - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\tyshb36rfjdf.dll
O2 - BHO: (no name) - {F8EFC7B6-A4F9-4900-8015-E01428D11A85} - C:\WINDOWS\system32\yayWnnnM.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O4 - HKLM\..\Run: [002d7f3c] rundll32.exe "C:\WINDOWS\system32\attfocyv.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [jsf8j34rgfght] C:\DOCUME~1\MAXMER~1\LOCALS~1\Temp\winloggn.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\MAXMER~1\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\MAXMER~1\LOCALS~1\Temp\1370291476.exe
O4 - HKCU\..\Run: [A00F11822D.exe] C:\DOCUME~1\MAXMER~1\LOCALS~1\Temp\_A00F11822D.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Casino-on-Net - {3015DB92-158E-4b77-9020-85C8E311FBB5} - C:\PROGRA~1\CASINO~1\Casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O18 - Filter hijack: text/html - {abcb379e-0880-465b-9e06-812312659ff4} - C:\WINDOWS\system32\iehlpr32.dll
O20 - AppInit_DLLs: isakcn.dll ndkyda.dll kydrgu.dll jugfwt.dll kordtv.dll bcggar.dll ktphua.dll
O20 - Winlogon Notify: nnnmlmjj - C:\WINDOWS\SYSTEM32\nnnmlmjj.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O20 - Winlogon Notify: __c00B8770 - C:\WINDOWS\system32\__c00B8770.dat
O22 - SharedTaskScheduler: FGYbf743iujndsfAfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\tyshb36rfjdf.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11738 bytes

Madmax376
Novice
Novice

Status :
Online
Offline

Posts : 16
Joined : 2009-03-26
OS : XP
Points : 28108
# Likes : 0


Re: spyware guard 2008

Post by Belahzur on Thu Mar 26, 2009 9:29 am

Hello.

Your system is severely infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
    O1 - Hosts: 82.98.235.133 securityresponse.symantec.com
    O1 - Hosts: 82.98.235.133 speed-runner.com
    O1 - Hosts: 82.98.235.133 url.adtrgt.com
    O1 - Hosts: 82.98.235.133 us.mcafee.com
    O1 - Hosts: 82.98.235.133 [You must be registered and logged in to see this link.]
    O1 - Hosts: 82.98.235.133 [You must be registered and logged in to see this link.]
    O1 - Hosts: 82.98.235.133 [You must be registered and logged in to see this link.]
    O1 - Hosts: 82.98.235.133 [You must be registered and logged in to see this link.]
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\nnnmlmjj.dll
    O2 - BHO: C:\WINDOWS\system32\tyshb36rfjdf.dll - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\tyshb36rfjdf.dll
    O2 - BHO: (no name) - {F8EFC7B6-A4F9-4900-8015-E01428D11A85} - C:\WINDOWS\system32\yayWnnnM.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
    O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
    O4 - HKLM\..\Run: [002d7f3c] rundll32.exe "C:\WINDOWS\system32\attfocyv.dll",b
    O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
    O4 - HKCU\..\Run: [jsf8j34rgfght] C:\DOCUME~1\MAXMER~1\LOCALS~1\Temp\winloggn.exe
    O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\MAXMER~1\LOCALS~1\Temp\csrssc.exe
    O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\MAXMER~1\LOCALS~1\Temp\1370291476.exe
    O4 - HKCU\..\Run: [A00F11822D.exe] C:\DOCUME~1\MAXMER~1\LOCALS~1\Temp\_A00F11822D.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: Casino-on-Net - {3015DB92-158E-4b77-9020-85C8E311FBB5} - C:\PROGRA~1\CASINO~1\Casino.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O18 - Filter hijack: text/html - {abcb379e-0880-465b-9e06-812312659ff4} - C:\WINDOWS\system32\iehlpr32.dll
    O20 - AppInit_DLLs: isakcn.dll ndkyda.dll kydrgu.dll jugfwt.dll kordtv.dll bcggar.dll ktphua.dll
    O20 - Winlogon Notify: nnnmlmjj - C:\WINDOWS\SYSTEM32\nnnmlmjj.dll
    O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
    O20 - Winlogon Notify: __c00B8770 - C:\WINDOWS\system32\__c00B8770.dat
    O22 - SharedTaskScheduler: FGYbf743iujndsfAfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\tyshb36rfjdf.dll


  • Press "Fix Checked"
  • Close Hijack This.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Files to delete:
C:\WINDOWS\system32\nnnmlmjj.dll
C:\WINDOWS\system32\yayWnnnM.dll
C:\WINDOWS\system32\tyshb36rfjdf.dll
C:\WINDOWS\system32\prunnet.exe
C:\WINDOWS\system32\attfocyv.dll
C:\WINDOWS\system32\iehlpr32.dll
C:\WINDOWS\SYSTEM32\nnnmlmjj.dll
C:\WINDOWS\SYSTEM32\WinCtrl32.dll
C:\WINDOWS\system32\__c00B8770.dat
C:\WINDOWS\system32\isakcn.dll
C:\WINDOWS\system32\ndkyda.dll
C:\WINDOWS\system32\kydrgu.dll
C:\WINDOWS\system32\jugfwt.dll
C:\WINDOWS\system32\kordtv.dll
C:\WINDOWS\system32\bcggar.dll
C:\WINDOWS\system32\ktphua.dll

Folders to delete:
C:\Program Files\Spyware Guard 2008

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1
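
Several of the entries ticked in the fix list above follow patterns that can be checked mechanically: Hosts lines that send names to a non-loopback address, Run values that start a program from a Temp folder or through rundll32, the DisableRegedit policy, and a populated AppInit_DLLs value. The Python below is an added example, not part of the thread and not a HijackThis feature; the function names are hypothetical and the sample lines are copied from the log posted above.

```python
import ipaddress
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 82.98.235.133 securityresponse.symantec.com
O1 - Hosts: 82.98.235.133 us.mcafee.com
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [002d7f3c] rundll32.exe "C:\WINDOWS\system32\attfocyv.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [jsf8j34rgfght] C:\DOCUME~1\MAXMER~1\LOCALS~1\Temp\winloggn.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: isakcn.dll ndkyda.dll kydrgu.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section code> - <rest of line>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[ORFN]\d+) - (?P<body>.*)$")
# Registry autoruns as HijackThis prints them: HKLM\..\Run: [value name] command
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def parse(log_text):
    """Return (code, body) for every entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def _redirects(addr):
    """True for a valid IP that is neither loopback nor 0.0.0.0; False if unparsable."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return not (ip.is_loopback or ip.is_unspecified)


def triage(log_text):
    """Return (code, reason, detail) tuples for entries that deserve a closer look."""
    findings = []
    redirected = defaultdict(list)  # IP address -> host names pointed at it
    for code, body in parse(log_text):
        if code == "O1" and body.startswith("Hosts:"):
            fields = body[len("Hosts:"):].split()
            if len(fields) >= 2 and _redirects(fields[0]):
                redirected[fields[0]].append(fields[1])
        elif code == "O4":
            m = RUN_RE.match(body)
            if not m:
                continue  # Startup-folder shortcuts are not covered here
            detail = "[{}] {}".format(m.group("name"), m.group("cmd"))
            if TEMP_RE.search(m.group("cmd")):
                findings.append((code, "autorun starts a program from a Temp folder", detail))
            if m.group("cmd").lower().startswith("rundll32"):
                findings.append((code, "autorun loads a DLL through rundll32", detail))
        elif code == "O7" and "DisableRegedit=1" in body:
            findings.append((code, "policy blocks the Registry Editor", body))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].split()
            if dlls:
                findings.append((code, "AppInit_DLLs is populated", " ".join(dlls)))
    # One finding per address, so a block of names sharing one IP reads as a unit.
    for addr, names in redirected.items():
        findings.append(("O1", "hosts file sends names to a non-loopback address",
                         "{}: {}".format(addr, ", ".join(names))))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print("{:<4}{:<50}{}".format(code, reason, detail))
```

A hit is a prompt for review rather than a verdict: legitimate software also registers rundll32 Run entries and AppInit_DLLs.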


Re: spyware guard 2008

Post by Madmax376 on Fri Mar 27, 2009 3:51 pm

OK, I did what you said, and when it restarted the computer for me it won't let me get past the welcome page. I click on my name to choose a user and it starts to load but in a few seconds logs me off again and leaves me with a screen saying welcome and my name to log on.


Re: spyware guard 2008

Post by Belahzur on Fri Mar 27, 2009 4:14 pm

Darn.
Well as I mentioned, the malware has caused a lot of damage and sometimes unforeseen things happen in cases like this.

Can you try booting to safe mode and try loading your profile in safe mode?



spyware guard 2008

Post by Madmax376 on Fri Mar 27, 2009 4:58 pm

Safe mode does the same thing.


Re: spyware guard 2008

Post by Belahzur on Fri Mar 27, 2009 5:03 pm

Okay, let's see if we can use last known good.

Reboot again and start tapping F8 key after the beep to access the advanced boot menu.
Choose "Last known good configuration"
See if you can access it now.



Re: spyware guard 2008

Post by Madmax376 on Fri Mar 27, 2009 5:16 pm

Last known good did not work either.


Re: spyware guard 2008

Post by Belahzur on Fri Mar 27, 2009 6:03 pm

Hello.
Darn, sorry the malware has caused so much damage.
If you have your XP disc, I would say now would be a wise choice to format before the malware authors use this machine to spread more malware around.

Let me know in your next post



Re: spyware guard 2008

Post by Madmax376 on Mon Mar 30, 2009 6:06 pm

What if I don't have my XP disc?


Re: spyware guard 2008

Post by Belahzur on Mon Mar 30, 2009 6:14 pm

Does the machine have a factory image stored on the HD?



Re: spyware guard 2008

Post by Madmax376 on Mon Mar 30, 2009 6:17 pm

I'm not sure what that means. It is a Toshiba Satellite laptop...


Re: spyware guard 2008

Post by Belahzur on Mon Mar 30, 2009 6:23 pm

Reboot again.
Start tapping the F12 key and you'll get another boot menu.

Is there a "Factory image restore"?



Re: spyware guard 2008

Post by Madmax376 on Mon Mar 30, 2009 6:30 pm

When I tap F12 it shows

Boot Menu
1. HDD
2. FDD
3. CD/DVD
4. LAN
5. USB Memory



Re: spyware guard 2008

Post by Belahzur on Mon Mar 30, 2009 6:35 pm

Wrong button, some computers are different.
Reboot again, start tapping F10, what menu do you get this time?



Re: spyware guard 2008

Post by Madmax376 on Mon Mar 30, 2009 6:42 pm

F10 didn't do anything


Re: spyware guard 2008

Post by Belahzur on Mon Mar 30, 2009 7:03 pm

Hello.
Can you write to CDs? We can use Avira rescue CD and boot from that.



Re: spyware guard 2008

Post by Madmax376 on Mon Mar 30, 2009 7:05 pm

Yes I can


Re: spyware guard 2008

Post by Belahzur on Mon Mar 30, 2009 7:10 pm

Okay, read this guide for how to use it (pictures included)

[You must be registered and logged in to see this link.]

Download link for it is at the bottom of the article.



Re: spyware guard 2008

Post by Madmax376 on Tue Mar 31, 2009 7:05 am

Well, one, Avira didn't run like it said in the article, and two, it didn't do anything once I figured out how to run it. I can send you the log file if you wish, but it just said unremovable for the problems it found. After running it, my laptop still will not boot up. I am still looking for my Windows XP disc... hopefully I will find it soon and we can just start over. Can you give me directions on how to do that if I find my Windows XP disc? Thank you sooooo much.


Re: spyware guard 2008

Post by Belahzur on Tue Mar 31, 2009 8:25 am

Hello.
What did Avira find? UACd.sys? or a driver called UACd?

If you can get your XP disc, we'll format because there's too much damage done to fix it.



Re: spyware guard 2008

Post by Madmax376 on Tue Mar 31, 2009 6:08 pm

I don't think it found either of those.

If I buy a Toshiba recovery CD for my laptop, is that the same as having my XP disc? Because I think my XP disc is gone.


Re: spyware guard 2008

Post by Belahzur on Tue Mar 31, 2009 6:36 pm

The disc might work, depends if the license key for this OS will still work.



Re: spyware guard 2008

Post by Madmax376 on Mon May 11, 2009 6:05 pm

OK, I have finally acquired a Windows disc. Where do we go from here? It is Windows XP SP2 upgrade.


Re: spyware guard 2008

Post by Belahzur on Mon May 11, 2009 6:24 pm

See here:

[You must be registered and logged in to see this link.]

How to format Windows:
[You must be registered and logged in to see this link.]



Re: spyware guard 2008

Post by Madmax376 on Mon May 11, 2009 8:31 pm

When I put in the Windows disc and restart, the computer still loads the same as it has been. Any ideas?


Re: spyware guard 2008

Post by Belahzur on Mon May 11, 2009 8:37 pm

Boot order needs to be changed in the BIOS.
When you boot, it will give you "Press DEL to enter BIOS", sometimes it's not DEL, but some other key, it will tell you anyway.

Every BIOS is different, but a general guide on changing boot order is here:
[You must be registered and logged in to see this link.]



Re: spyware guard 2008

Post by Madmax376 on Mon May 11, 2009 8:53 pm

OK, I did that and now it says "press any key to boot from CD..." but when I hit a key (I tried several different keys) it still does not boot.


Re: spyware guard 2008

Post by Belahzur on Mon May 11, 2009 9:12 pm

Do you mean it still won't boot Windows? It's not meant to. It's meant to boot from the CD so we could try a repair install.



Re: spyware guard 2008

Post by Madmax376 on Mon May 11, 2009 9:15 pm

It isn't booting at all; it is a black screen that reads "press any key to boot from CD", and it doesn't boot, just stays on that screen.


Re: spyware guard 2008

Post by Madmax376 on Thu May 28, 2009 6:11 pm

Still trying to get my laptop running. Any ideas left for me?


Re: spyware guard 2008

Post by Belahzur on Fri May 29, 2009 5:07 pm

Nope, I've no ideas at this moment.
I'm gonna ask someone later when I see him online.

