SpywareGuard keeps getting partially disabled - help!

Discussion in 'SpywareBlaster & Other Forum' started by Intensecure, May 31, 2004.

Thread Status:
Not open for further replies.
  1. Intensecure

    Intensecure Registered Member

    Joined:
    May 31, 2004
    Posts:
    3
    Hello good people,

    I have a persistent problem, and I am at wit's end...

    I am a computer tech and have been through all forms of cleaners and antiviruses and turning things on and off and disabling, removing and reinstalling all versions of SG as well as other potential hijackers. (see stripped-down hijackthis log!!)

    The symptom: within minutes of restart or reinstall of SG... I get the red X through the systray icon and... lo and behold... both realtime scan engine and then right after the download protection are shut off. I re-enable them and they again shut off shortly thereafter!

    Once again I have been through a full cleanout of the registry and have run all updated copies of Ad-aware and Spybot SD 1.3 and ultrawincleaner, regvac and every other thing I can think of... o_O

    please let me know if you can help

    thanks

    Intensecure guy
     


  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Intensecure's stripped-down hijackthis log!

    @Intensecure....would you mind copy\pasting the whole log Please
    ______________________________________
    Logfile of HijackThis v1.97.7
    Scan saved at 9:33:32 PM, on 5/31/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\spupdsvc.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
    C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spupdw2k.exe
    C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
    C:\WINNT\system32\rundll32.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\Trend Micro\Internet Security\pccguide.exe
    C:\Program Files\Trend Micro\Internet Security\PCClient.exe
    C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\protection\downloads\A-1 HIJACK THIS\A-1 HIJACKTHIS.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?id=2
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
    O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
    O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O9 - Extra button: AIM (HKLM)
     
  3. Intensecure

    Intensecure Registered Member

    Joined:
    May 31, 2004
    Posts:
    3
    That is the WHOLE LOG - sorry if I confused you - I was saying that I had wiped out tons of stuff - so that this is the only stuff left!!!!

    thanks
     
  4. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
  5. Intensecure

    Intensecure Registered Member

    Joined:
    May 31, 2004
    Posts:
    3
    :rolleyes: Bubba,

    What the heck is that? And there were a ton of files all looking legit in the sys32 folder right in along with a hundred same-dated (even same created date (when I did the SP4 update!! yesterday)) What else is lurking in there and how do I know they are there??

    I also just went back in and ran the exe again and found another reg value and string (diff this time) and cleaned them out... what the heck o_O

    thanks - I will know if this worked soon....

    By the way the same system was launching IEs randomly and hijacking any non-existent page (typos, etc.) www.spotsresults.com!!!!

    It seems that this was also from these files/reg values which I have just removed.

    Is this some type of spyware that S&D and Ad-aware are not looking for - is it rare or some different type of malware outside the cleaner's realm? This is not a rhetorical question if you please (anyone)

    thanks - so far things look quiet - - finally!!!!!

    C
     