To make matters even worse, I'm missing my wininet.dll file and windows is running extremely slowly! A 'helpful' friend attempted to remove PSguard by deleting all items detected by HijackThis. I don't know whether this or the spyware was responsible for deleting my wininet.dll file. I downloaded a replacement (http://www.dll-files...s.shtml?wininet) and dropped it in the windows sytem folder, but windows is still running VERY slowly and is prone to freezing/crashing.
Following some of the steps detailed in previous threads on PSguard seems to have disabled the spyware (no more red icon in the system tray or 'Warning' wallpaper). However, SpySweeper keeps detecting PSguard (along with HereToFind and Tubby Toolbar?). I haven't been able to follow all the steps fully and need a little additional help!
I have tried rebooting in safe mode and running smitRem, Ad-Aware and SpySweeper, but I can't download Ewido to finish the process (am running Windows Me). Please help me get my laptop up and running again!!!
Ad-Aware SE
ArchiveData(auto-quarantine- 2005-08-04 17-12-47.bckp)
Referencefile : SE1R59 02.08.2005
======================================================
MRU LIST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=MRU RegReference : software\microsoft\directdraw\mostrecentapplication name
obj[1]=MRU RegReference : .DEFAULT\software\microsoft\windows\currentversion\explorer\recentdocs\.XML
obj[2]=MRU RegReference : .DEFAULT\software\microsoft\windows\currentversion\explorer\recentdocs\Folder
MALWARE.PSGUARD
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[2]=File : C:\_RESTORE\TEMP\A0056091.1
WIN32.TROJAN.BYTEVERIFY.A
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[3]=File : C:\_RESTORE\TEMP\A0056120.0
CYDOOR
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[4]=File : C:\_RESTORE\TEMP\A0056122.0
LITMUS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[5]=File : C:\_RESTORE\TEMP\A0057525.0
ALERTSPY
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[6]=File : C:\Program Files\HijackTools\SETUP.EXE
smitRem log file
version 2.3
by noahdfear
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run Files Present
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system folder ~~~
~~~ Icons in system folder ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~~ wininet.dll ~~~~
wininet.dll Present!!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Post-run Files Present
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system folder ~~~
~~~ Icons in system folder ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~~ wininet.dll ~~~~
wininet.dll Clean!!
Logfile of HijackThis v1.99.1
Scan saved at 17:20:28, on 04/08/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HIJACKTOOLS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRAM FILES\HIJACKTOOLS\AD-AWARE\AD-AWARE.EXE" "+b1"
O4 - Startup: Real-time monitor.lnk = C:\Program Files\Trend PC-cillin 2000\PCCIOMON.exe
O4 - Startup: WallMaster.lnk = C:\WINDOWS\Wallpaper\WallMaster\wallmast.exe