Member Panel

spanky

home page comes up about blank then go's to www.safetydefender. it trys to get you to buy all thereproducts. sometimes a warning comes up that you have a w32.myzor.fkyf virus some of the time when you exit out of that it will go to www.malware.com. i have run atf cleaner then ewido then hijackthis.i saved the scans i don't know to add them .

joe5

Originally Posted by spanky

i saved the scans i don't know to add them .

Yes you do.

Hya Spanky.

Please download Smitrem to your desktop:
http://noahdfear.geekstogo.com/click...click.php?id=1
Run the installer and then press Start to Extract the
files to the desktop, Do not run it yet.

Also download:
http://castlecops.com/zx/flrman1/FixSQ.zip

Reboot into safe mode (Reboot and keep tapping F8 , then
choose safe mode from the list)

run Ewido again , and this time you can let it fix what it finds.

Now unzip the FixSQ and double click on FixSQ.reg , allow it to merge with the registry.

Click on the Start Menu
Click on the Control Panel option.
Double-click on the Add or Remove Programs icon.
Find the entry for Spyware Quake 2.0 and double-click on it. Follow the prompts to uninstall the program, but do not allow it to reboot the computer if it asks.
When it has completed uninstalling you can close Add or Remove Programs and your Control Panel.

Run SmitRem:
Open the SmitRem folder and double click the "RunThis.bat" file to start the tool. Follow the prompts on screen , wait for the tool to complete , and disk cleanup to finish.

The tool will create a log named smitfiles.txt on the drive that you ran Smitrem on, eg; "C:\smitfiles.txt" , or the partition where your operating system is installed on.
Please attach this log to your next reply.

Then fix these entry's with hjt:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpB8E0.tmp

And manually search for , and delete these files if present:

C:\Program Files\SpywareQuake
C:\Windows\System32\stickrep.dll.bad
C:\Windows\System32\suprox.dll.bad
C:\Windows\System32\xenadot.dll.bad
C:\WINDOWS\system32\sivudro.dll.bad
C:\WINDOWS\System32\nvctrl.exe
C:\WINDOWS\System32\dfrgsrv.exe
C:\WINDOWS\System32\mssearchnet.exe
C:\WINDOWS\system32\dcomcfg.exe

Then reboot , and post the Smitrem log , and a new hjt log.

Also i see you have multiple AV's and i dont see a firewall on youre pc. To prevent conflict and performence problems i would diable/uninstall all but one AV. And have a look in our download section for free firewalls if you want.

Note:
You will need to reload your wallpaper as the SmitRem tool will reset it, you can do this in desktop properties on the Desktop tab , and choose the one you want to use and press apply.

And XP users using the XP theme may experience a change to the Classic Windows theme. This can be changed on the themes tab of desktop properties.

spanky

firstb i wan't to thank you for replying. idid all you said but when i went to add and remove programs there was no entry for spyware quake 2.0. so i am stopped at this point. thank you again.

joe5

You can just continue with the rest , i should have added "uninstall if present". It is not always there.