Home > Solved Need > Solved: Need Help With Spyguardpro

Solved: Need Help With Spyguardpro

Click the Scanning Control tab. Briefly summarize what the problems are, what you have done to try to solve it, and what worked and didn't work and paste in your HJT log.After you post your log, Please download the OTMoveIt by OldTimer. Here's the Thread Tools Search this Thread 04-27-2008, 02:57 PM #1 jonra Registered Member Join Date: Apr 2008 Posts: 2 OS: win 2000 Now when I go Check This Out

Leave the others as they are. It's 100% free. Doug Back to top Advertisements Register to Remove #2 Scotty Scotty Always Happy Authentic Member 3,634 posts Posted 27 November 2007 - 07:39 AM Hi! At Desktop My Computer C: drive. http://www.bleepingcomputer.com/forums/t/125012/spyguard-pro-took-over-please-help/

Right-click the registry value name and select Delete on the menu. THanks so much for your help, the popups now are gone SDFix: Version 1.110 Run by MISSYLEE on Mon 10/22/2007 at 05:59 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Completion time: 2007-10-23 18:33:25 - machine was rebooted . --- E O F --- Back to top #5 missylee missylee New Member Members 6 posts Posted 22 October 2007 - 06:37 Click the Preferences button.

Malware Removal Team will respond to your Topic in its turn. If you are asked to reboot the machine choose Yes. Please subscribe to this thread so that you are notified when you receive a reply. To delete all other references to av.log, repeat steps 4-6.

Dbl click the runmbam icon. If these are clicked they open windows explorer and take me to www.storageprotector .com to buy this bogus software to fix bogus problems. Please be patient while it scans your computer. Yes, my password is: Forgot your password?

Performed disk cleanup. The av.log file is associated with malware only if found in the locations listed above. Advertisement airin822 Thread Starter Joined: Jan 2, 2008 Messages: 7 Here is my HijackThis Log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:01:42 AM, on 1/2/2008 Platform: Windows XP Contents of the 'Scheduled Tasks' folder "2007-10-19 22:17:57 C:\WINDOWS\Tasks\1-Click Maintenance.job" "2005-12-25 03:15:09 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1125975984.job" - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe "2007-10-22 05:10:03 C:\WINDOWS\Tasks\HP Usg Daily FY04.job" . ************************************************************************** catchme

Root drive write protected? http://www.exterminate-it.com/malpedia/file/spyguardpro.lnk Attach log file back to Thread. INTERNET\DialBTYahoo.exe" /ReInstallAutoDial "LoadQM"=loadqm.exe "msnappau"="c:\program files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe" "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys] "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme "Ad Rage"=d:\program files\adrage\adrage.exe "McAfee Guardian"="C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE" /SU "Symantec Core LC"=C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start Newer Than: Search this thread only Search this forum only Display results as threads Useful Searches Recent Posts More...

On normal restart the Fixtool will run again and complete the removal process then say Finished, Hit the Enter key to end the script and load your desktop icons. his comment is here An icon will be created on your desktop. That may cause it to stall. C:\temp\Ryuan1 C:\WINDOWS\SYSTEM32\cs.dat C:\WINDOWS\SYSTEM32\halifax1.dll C:\WINDOWS\SYSTEM32\ps1.dat C:\WINDOWS\SYSTEM32\rc.dat . ((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))) . 2008-01-16 22:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-16 21:02 . 2008-01-16 21:02

d-------- C:\Program

timeshock! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\SPOOLSV.EXE O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Contents of the 'Scheduled Tasks' folder "2007-10-21 01:00:04 C:\WINDOWS\Tasks\Maintenance-Defragment programs.job" - C:\WINDOWS\DEFRAG.EXE "2008-01-01 00:30:02 C:\WINDOWS\Tasks\Maintenance-Disk cleanup.job" - C:\WINDOWS\CLEANMGR.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit this contact form On the left check C:\Fixed Drive.

What do I do? 1 user(s) are reading this topic 0 members, 1 guests, 0 anonymous users Reply to quoted postsClear BleepingComputer.com → Security → Am I infected? All rights reserved OTMoveIt by OldTimer has a CleanUp!

Defaults the HOSTS file 4.

FINALLY FOR NOW Download ComboFix from Here or Here to your Desktop.Double click combofix.exe and follow the prompts.When finished, it shall produce a log for you. O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O4 - Startup: Secunia PSI (BETA).lnk = C:\Program Files\Secunia\PSI (BETA)\PSI.exe O4 I am getting tonnnnns of pop up errord sayi for example msnmsgr.exe(blahblahblah.dll) bad image, I made that file name up but I get tons as im booting and after booting the No, create an account now.

On the Processes tab, select SpyGuardPro.lnk and click End Process. That may cause it to stall Note 2:Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet. as this will make it more difficult for the HJT team to help you.Please be patient as the HJT team is very busy. navigate here Cluster headaches forced retirement of Tom in 2007, and the site was renamed "What the Tech".

Remember to re-enable the protection again afterwards before connecting to the Internet. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions. You can easily remove all the files listed above with Exterminate It! Click Yes in the Confirm Value Delete dialog box.

Combofix should never take more that 20 minutes including the reboot if malware is detected. They must be installed!!!!!!! Please download ATF Cleaner by Atribune. FILE C:\WINDOWS\SYSTEM32\cs.dat C:\WINDOWS\SYSTEM32\edcA01 C:\WINDOWS\SYSTEM32\halifax1.dll C:\WINDOWS\SYSTEM32\ps1.dat C:\WINDOWS\SYSTEM32\rc.dat . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) .

In the Find dialog box, type SpyGuardPro.lnk. Apply. Secunia software inspector & update checker Good free tools and advice on how to tighten your security settings. IMPORTANT: Malware files can masquerade as legitimate files by using the same file names.

Download this file - combofix.exe 2. I have no software firewall set, but whether it is the infestation doing this I am unsure. Leave the others as they are. I ran all the tests and it looks like I have a rootkey problem (as described above) I have also done all 8 steps.

Normal Mode: Checking Files: Trojan Files Found: C:\Program Files\Temporary\wininstall.exe - Deleted C:\Program Files\WinAble\winable.exe - Deleted C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe - Deleted C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe - Deleted C:\WINDOWS\b122.exe - Deleted C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted After you delete a locked file, you need to delete all the references to the file in Windows registry. If yours is not listed and you don't know how to disable it, please ask.

© Copyright 2017 blightysoftware.com. All rights reserved.