Hello, I am in the process of cleaning spyware off of a computer and
have almost completely cleaned it. However, one registry key remains
that just will not go away. The key is
HKLM\Software\ShudderLTD\PSGuard. I have tried to use regedt32 and
take ownership of this key, and I am logged in as an administrator of
this machine. I continually get a cannot delete registry key error.
Also, this is the only problem that is found in Spybot, and spybot will
not "fix" the problem either.

I have done all the major spyware and virus sweeps in safe mode, and
have followed normal best practices for removing spyware. This one key
eludes me. Can anyone help?

Thanks.

Forget regedt32, use regedit.

[[Regedt32.exe
In Windows XP and Windows Server 2003, Regedt32.exe is a small
program that just runs Regedit.exe. ]]
Differences Between Regedit.exe and Regedt32.exe
http://support.microsoft.com/default.aspx?scid=kb;en-us;141377

Caution
[]

Try this...
Reset the registry permissions
As soon as you have found the registry subkey that has the incorrect
permissions, update the permissions for that subkey.

To update the permissions of the registry subkey, follow these steps:
a. Click Start, click Run, type regedit, and then click OK to start
Registry Editor.
b. Locate and right-click the registry subkey:
and then click Permissions.
c. Under Group or user names, click Administrators.
d. Under Permissions for Administrators, make sure that the Allow check box
for the following entries is selected:
• Full Control
• Read
e. Click Apply, and then click OK.
f. On the File menu, click Exit to quit Registry Editor.

Open the Registry Editor again and see if you can delete the key now.

If not, try this...
Start | Run | Type: regedit | OK |
Navigate to >>>
the said key
Right click the key in the left hand pane | Permissions... | Advanced
button | Owner tab | click the new owner and then click OK.

[[You can take ownership of a registry key if you are logged on as an
administrator or if you have been specifically assigned the permission to
take ownership of the registry key by the current owner. ]]

See permissions, registry in Registry Editor HELP.

To assign permissions to a registry key
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_permit_key.mspx

To assign special access to a registry key
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_assign_specacc.mspx

To grant Full Control of a registry key
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_yield_own.mspx

To add users or groups to the audit list
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_audit_key_adduser.mspx

To add users or groups to the Permissions list
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_permit_key_adduser.mspx

To remove a user or group from the Permissions list
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_permit_key_remove.mspx

To take ownership of a registry key
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_take_own.mspx


--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In oups.com,
Brian Pritts > hunted and pecked:[i]
> Hello, I am in the process of cleaning spyware off of a computer and
> have almost completely cleaned it. However, one registry key remains
> that just will not go away. The key is
> HKLM\Software\ShudderLTD\PSGuard. I have tried to use regedt32 and
> take ownership of this key, and I am logged in as an administrator of
> this machine. I continually get a cannot delete registry key error.
> Also, this is the only problem that is found in Spybot, and spybot will
> not "fix" the problem either.
>
> I have done all the major spyware and virus sweeps in safe mode, and
> have followed normal best practices for removing spyware. This one key
> eludes me. Can anyone help?
>
> Thanks.

Thanks for the response.

Unfortunately, I have done all of the prescribed steps. I have
assigned full control permissions on the invalid key, and have also
tried to take ownership of the key. For some reason, it will not allow
me to delete it. I am an administrator on this machine, and according
to the permissions on the bad key, I have full control. Any other
suggestions?

Thanks,
Brian

Wesley Vogel wrote:
> Forget regedt32, use regedit.
>
> [[Regedt32.exe
> In Windows XP and Windows Server 2003, Regedt32.exe is a small
> program that just runs Regedit.exe. ]]
> Differences Between Regedit.exe and Regedt32.exe
> http://support.microsoft.com/default.aspx?scid=3Dkb;en-us;141377
>
> Caution
> []
>
> Try this...
> Reset the registry permissions
> As soon as you have found the registry subkey that has the incorrect
> permissions, update the permissions for that subkey.
>
> To update the permissions of the registry subkey, follow these steps:
> a. Click Start, click Run, type regedit, and then click OK to start
> Registry Editor.
> b. Locate and right-click the registry subkey:
> and then click Permissions.
> c. Under Group or user names, click Administrators.
> d. Under Permissions for Administrators, make sure that the Allow check =
box
> for the following entries is selected:
> =B7 Full Control
> =B7 Read
> e. Click Apply, and then click OK.
> f. On the File menu, click Exit to quit Registry Editor.
>
> Open the Registry Editor again and see if you can delete the key now.
>
> If not, try this...
> Start | Run | Type: regedit | OK |
> Navigate to >>>
> the said key
> Right click the key in the left hand pane | Permissions... | Advanced
> button | Owner tab | click the new owner and then click OK.
>
> [[You can take ownership of a registry key if you are logged on as an
> administrator or if you have been specifically assigned the permission to
> take ownership of the registry key by the current owner. ]]
>
> See permissions, registry in Registry Editor HELP.
>
> To assign permissions to a registry key
> http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/=
en-us/regedit_permit_key.mspx
>
> To assign special access to a registry key
> http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/=
en-us/regedit_assign_specacc.mspx
>
> To grant Full Control of a registry key
> http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/=
en-us/regedit_yield_own.mspx
>
> To add users or groups to the audit list
> http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/=
en-us/regedit_audit_key_adduser.mspx
>
> To add users or groups to the Permissions list
> http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/=
en-us/regedit_permit_key_adduser.mspx
>
> To remove a user or group from the Permissions list
> http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/=
en-us/regedit_permit_key_remove.mspx
>
> To take ownership of a registry key
> http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/=
en-us/regedit_take_own.mspx
>
>
> --
> Hope this helps. Let us know.
>
> Wes
> MS-MVP Windows Shell/User
>
> In oups.com,
> Brian Pritts > hunted and pecked:[i]
> > Hello, I am in the process of cleaning spyware off of a computer and
> > have almost completely cleaned it. However, one registry key remains
> > that just will not go away. The key is
> > HKLM\Software\ShudderLTD\PSGuard. I have tried to use regedt32 and
> > take ownership of this key, and I am logged in as an administrator of
> > this machine. I continually get a cannot delete registry key error.
> > Also, this is the only problem that is found in Spybot, and spybot will
> > not "fix" the problem either.
> >
> > I have done all the major spyware and virus sweeps in safe mode, and
> > have followed normal best practices for removing spyware. This one key
> > eludes me. Can anyone help?
> >
> > Thanks.

Reboot and try again. <shrug>

When something won't work the first time, I always try rebooting.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In ups.com,
Brian Pritts > hunted and pecked:
> Thanks for the response.
>
> Unfortunately, I have done all of the prescribed steps. I have
> assigned full control permissions on the invalid key, and have also
> tried to take ownership of the key. For some reason, it will not allow
> me to delete it. I am an administrator on this machine, and according
> to the permissions on the bad key, I have full control. Any other
> suggestions?
>
> Thanks,
> Brian
>
> Wesley Vogel wrote:
>> Forget regedt32, use regedit.
>>
>> [[Regedt32.exe
>> In Windows XP and Windows Server 2003, Regedt32.exe is a small
>> program that just runs Regedit.exe. ]]
>> Differences Between Regedit.exe and Regedt32.exe
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;141377
>>
>> Caution
>> []
>>
>> Try this...
>> Reset the registry permissions
>> As soon as you have found the registry subkey that has the incorrect
>> permissions, update the permissions for that subkey.
>>
>> To update the permissions of the registry subkey, follow these steps:
>> a. Click Start, click Run, type regedit, and then click OK to start
>> Registry Editor.
>> b. Locate and right-click the registry subkey:
>> and then click Permissions.
>> c. Under Group or user names, click Administrators.
>> d. Under Permissions for Administrators, make sure that the Allow check
>> box for the following entries is selected:
>> · Full Control
>> · Read
>> e. Click Apply, and then click OK.
>> f. On the File menu, click Exit to quit Registry Editor.
>>
>> Open the Registry Editor again and see if you can delete the key now.
>>
>> If not, try this...
>> Start | Run | Type: regedit | OK |
>> Navigate to >>>
>> the said key
>> Right click the key in the left hand pane | Permissions... | Advanced
>> button | Owner tab | click the new owner and then click OK.
>>
>> [[You can take ownership of a registry key if you are logged on as an
>> administrator or if you have been specifically assigned the permission to
>> take ownership of the registry key by the current owner. ]]
>>
>> See permissions, registry in Registry Editor HELP.
>>
>> To assign permissions to a registry key
>>
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_permit_key.mspx
>>
>> To assign special access to a registry key
>>
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_assign_specacc.mspx
>>
>> To grant Full Control of a registry key
>>
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_yield_own.mspx
>>
>> To add users or groups to the audit list
>>
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_audit_key_adduser.mspx
>>
>> To add users or groups to the Permissions list
>>
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_permit_key_adduser.mspx
>>
>> To remove a user or group from the Permissions list
>>
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_permit_key_remove.mspx
>>
>> To take ownership of a registry key
>>
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_take_own.mspx
>>
>>
>> --
>> Hope this helps. Let us know.
>>
>> Wes
>> MS-MVP Windows Shell/User
>>
>> In oups.com,
>> Brian Pritts > hunted and pecked:[i]
>>> Hello, I am in the process of cleaning spyware off of a computer and
>>> have almost completely cleaned it. However, one registry key remains
>>> that just will not go away. The key is
>>> HKLM\Software\ShudderLTD\PSGuard. I have tried to use regedt32 and
>>> take ownership of this key, and I am logged in as an administrator of
>>> this machine. I continually get a cannot delete registry key error.
>>> Also, this is the only problem that is found in Spybot, and spybot will
>>> not "fix" the problem either.
>>>
>>> I have done all the major spyware and virus sweeps in safe mode, and
>>> have followed normal best practices for removing spyware. This one key
>>> eludes me. Can anyone help?
>>>
>>> Thanks.

I didn't see in your post if you tried to delete the key while in Safe Mode.
By the way, what is the key you're trying to delete?


"Brian Pritts" > wrote in message
ups.com...
Thanks for the response.

Unfortunately, I have done all of the prescribed steps. I have
assigned full control permissions on the invalid key, and have also
tried to take ownership of the key. For some reason, it will not allow
me to delete it. I am an administrator on this machine, and according
to the permissions on the bad key, I have full control. Any other
suggestions?

Thanks,
Brian

Wesley Vogel wrote:
> Forget regedt32, use regedit.
>
> [[Regedt32.exe
> In Windows XP and Windows Server 2003, Regedt32.exe is a small
> program that just runs Regedit.exe. ]]
> Differences Between Regedit.exe and Regedt32.exe
> http://support.microsoft.com/default.aspx?scid=kb;en-us;141377
>
> Caution
> []
>
> Try this...
> Reset the registry permissions
> As soon as you have found the registry subkey that has the incorrect
> permissions, update the permissions for that subkey.
>
> To update the permissions of the registry subkey, follow these steps:
> a. Click Start, click Run, type regedit, and then click OK to start
> Registry Editor.
> b. Locate and right-click the registry subkey:
> and then click Permissions.
> c. Under Group or user names, click Administrators.
> d. Under Permissions for Administrators, make sure that the Allow check
> box
> for the following entries is selected:
> · Full Control
> · Read
> e. Click Apply, and then click OK.
> f. On the File menu, click Exit to quit Registry Editor.
>
> Open the Registry Editor again and see if you can delete the key now.
>
> If not, try this...
> Start | Run | Type: regedit | OK |
> Navigate to >>>
> the said key
> Right click the key in the left hand pane | Permissions... | Advanced
> button | Owner tab | click the new owner and then click OK.
>
> [[You can take ownership of a registry key if you are logged on as an
> administrator or if you have been specifically assigned the permission to
> take ownership of the registry key by the current owner. ]]
>
> See permissions, registry in Registry Editor HELP.
>
> To assign permissions to a registry key
> http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_permit_key.mspx
>
> To assign special access to a registry key
> http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_assign_specacc.mspx
>
> To grant Full Control of a registry key
> http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_yield_own.mspx
>
> To add users or groups to the audit list
> http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_audit_key_adduser.mspx
>
> To add users or groups to the Permissions list
> http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_permit_key_adduser.mspx
>
> To remove a user or group from the Permissions list
> http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_permit_key_remove.mspx
>
> To take ownership of a registry key
> http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/regedit_take_own.mspx
>
>
> --
> Hope this helps. Let us know.
>
> Wes
> MS-MVP Windows Shell/User
>
> In oups.com,
> Brian Pritts > hunted and pecked:[i]
> > Hello, I am in the process of cleaning spyware off of a computer and
> > have almost completely cleaned it. However, one registry key remains
> > that just will not go away. The key is
> > HKLM\Software\ShudderLTD\PSGuard. I have tried to use regedt32 and
> > take ownership of this key, and I am logged in as an administrator of
> > this machine. I continually get a cannot delete registry key error.
> > Also, this is the only problem that is found in Spybot, and spybot will
> > not "fix" the problem either.
> >
> > I have done all the major spyware and virus sweeps in safe mode, and
> > have followed normal best practices for removing spyware. This one key
> > eludes me. Can anyone help?
> >
> > Thanks.

Hey Fitz,

Yes I did try in safe mode. I have rebooted multiple times as well...

The key I am trying to delete is
HKEY_LOCAL_MACHINE\Software\Microsoft\ShudderLTD\P SGuard

If anyone has any other ideas, it would be much appreciated. This
thing is stubborn.

Thank you!


Fitz wrote:
> I didn't see in your post if you tried to delete the key while in Safe Mode.
> By the way, what is the key you're trying to delete?
>
>
> "Brian Pritts" > wrote in message
> ups.com...
> Thanks for the response.
>
> Unfortunately, I have done all of the prescribed steps. I have
> assigned full control permissions on the invalid key, and have also
> tried to take ownership of the key. For some reason, it will not allow
> me to delete it. I am an administrator on this machine, and according
> to the permissions on the bad key, I have full control. Any other
> suggestions?

Try this link and see if it helps. Let us know.
http://www.bleepingcomputer.com/forums/How_to_remove_the_Smitfraud_Quicknavigate_VirtualM aid-t17258.html


"Brian Pritts" > wrote in message
ups.com...
> Hey Fitz,
>
> Yes I did try in safe mode. I have rebooted multiple times as well...
>
> The key I am trying to delete is
> HKEY_LOCAL_MACHINE\Software\Microsoft\ShudderLTD\P SGuard
>
> If anyone has any other ideas, it would be much appreciated. This
> thing is stubborn.
>
> Thank you!
>
>
> Fitz wrote:
>> I didn't see in your post if you tried to delete the key while in Safe
>> Mode.
>> By the way, what is the key you're trying to delete?
>>
>>
>> "Brian Pritts" > wrote in message
>> ups.com...
>> Thanks for the response.
>>
>> Unfortunately, I have done all of the prescribed steps. I have
>> assigned full control permissions on the invalid key, and have also
>> tried to take ownership of the key. For some reason, it will not allow
>> me to delete it. I am an administrator on this machine, and according
>> to the permissions on the bad key, I have full control. Any other
>> suggestions?
>

Also try this one:
http://labs.paretologic.com/spyware.aspx?remove=PSGuard


"Fitz" > wrote in message
r.com...
> Try this link and see if it helps. Let us know.
> http://www.bleepingcomputer.com/forums/How_to_remove_the_Smitfraud_Quicknavigate_VirtualM aid-t17258.html
>
>
> "Brian Pritts" > wrote in message
> ups.com...
>> Hey Fitz,
>>
>> Yes I did try in safe mode. I have rebooted multiple times as well...
>>
>> The key I am trying to delete is
>> HKEY_LOCAL_MACHINE\Software\Microsoft\ShudderLTD\P SGuard
>>
>> If anyone has any other ideas, it would be much appreciated. This
>> thing is stubborn.
>>
>> Thank you!
>>
>>
>> Fitz wrote:
>>> I didn't see in your post if you tried to delete the key while in Safe
>>> Mode.
>>> By the way, what is the key you're trying to delete?
>>>
>>>
>>> "Brian Pritts" > wrote in message
>>> ups.com...
>>> Thanks for the response.
>>>
>>> Unfortunately, I have done all of the prescribed steps. I have
>>> assigned full control permissions on the invalid key, and have also
>>> tried to take ownership of the key. For some reason, it will not allow
>>> me to delete it. I am an administrator on this machine, and according
>>> to the permissions on the bad key, I have full control. Any other
>>> suggestions?
>>
>
>