Thread: Spyware Guard 2009

  1. #1
    Junior Member
    Join Date
    Jan 2009
    Posts
    1

    Spyware Guard 2009

    Spyware Guard 2009 has installed itself on my computer. I am unable to use the Google search engine without being redirected, and I cannot open Spybot. From what I've read, this Spyware Guard stuff is scary. Thank you for your help.

    Logfile of HijackThis v1.99.1
    Scan saved at 3:40:48 PM, on 1/15/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\HEBKZ7KU\spybotsd160[1].exe
    C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\is-TNCTI.tmp\spybotsd160[1].tmp
    C:\Program Files\Hijackthis\HijackThis.exe

    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...PhotoUploader5.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hi docbargas

    Download gmer.zip and save to your desktop.
    alternate download site 1
    alternate download site 2

    • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
    • When you have done this, disconnect from the Internet and close all running programs.
      There is a small chance this application may crash your computer so save any work you have open.
    • Double-click on Gmer.exe to start the program.
    • Allow the gmer.sys driver to load if asked.
    • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
    • Click on "Settings", then check the first five settings:
      *System Protection and Tracing
      *Processes
      *Save created processes to the log
      *Drivers
      *Save loaded drivers to the log
    • You will be prompted to restart your computer. Please do so.


    Run Gmer again and click on the Rootkit tab.
    • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
    • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
    • Click on "Scan" and wait for the scan to finish.
      Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
    • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
    • Note: If you have any problems, try running GMER in SAFE MODE.

    Important! Please do not select the "Show all" checkbox during the scan.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Due to the lack of feedback this Topic is closed.

    If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

    Everyone else please begin a New Topic.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
