Despite having Norton Internet Security, I believe my computer has become infected with the psguard thing. I have downloaded and run ewido which helped but it seems that the computer still has some problems. For example:
every time I run ewido it seems to find another infected file.
My wallpaper has some warning message that was never there before and I have no way to change it.
The system seems to get slugish (faster than it used to)
Like I said I have run ewido, in addition I have run ad-aware, cleanUp40, CWShredder and the hijackthis utility.
I am posting the hijackthis results below.
Thanks for taking a look, you guys are great!
Logfile of HijackThis v1.99.1
Scan saved at 6:02:55 PM, on 7/22/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\util\Norton Internet Security 2003\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
F:\util\Norton Internet Security 2003\ccPxySvc.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
g:\ewido\security suite\ewidoctrl.exe
F:\mysql\bin\mysqld-nt.exe
F:\util\Norton AntiVirus 2003\navapsvc.exe
F:\util\Norton AntiVirus 2003\AdvTools\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
F:\util\Norton AntiVirus 2003\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\sys_progs\ATI Multimedia\RemCtrl\ATIX10.exe
C:\sys_prog\HP CD-DVD\Umbrella\hpcdtray.exe
C:\sys_prog\hewlett-packard\hp precisionscan\PrecisionScan\HPLamp.exe
F:\miss\Say the Time\SayTime.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\rundll32.exe
F:\sound\Winamp5\winampa.exe
F:\sound\TotalRecorder42\TotRecSched.exe
C:\WINNT\System32\atiptaxx.exe
F:\util\SUPERN~1\SUPERNOTES.EXE
F:\video\QuickTime\qttask.exe
C:\WINNT\System32\wuamwin.exe
C:\WINNT\System32\internat.exe
C:\winnt\bjxaxiv.exe
F:\util\TaskZip\TaskZip.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\3Com\3Com OfficeConnect Wireless 11g USB Adapter Utility\drivers\WIN2K\3COMU11GMonitor.exe
F:\miss\ATnotes\ATnotes.exe
F:\Palm\HOTSYNC.EXE
F:\mysql\bin\winmysqladmin.exe
F:\Corel\wp11\Programs\wpwin11.exe
F:\util\Total Commander XP\TOTALCMD.EXE
G:\aa_stuff\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abcsearch4u.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/
R3 - URLSearchHook: LookSmart Toolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - F:\modem\eXeem\LookSmart Toolbar\toolbar.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\WINNT\Speech\Dragon\web_ie.dll
O2 - BHO: XBTB01232 Class - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - F:\modem\eXeem\LOOKSM~1\toolbar.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\util\Norton AntiVirus 2003\NavShExt.dll
O2 - BHO: Bridge Class - {E479EDE1-923E-11D3-B82B-00E09871521B} - F:\modem\Compass\CompassIE.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\util\Norton AntiVirus 2003\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - G:\zend_Studio\bin\ZendIEToolbar.dll
O3 - Toolbar: Torrent Search IE Toolbar - {C9D0879E-F33F-4CA8-9137-6F2A0AEDCFB9} - C:\Program Files\Torrent Search IE Toolbar\torrent_search.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: LookSmart Toolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - F:\modem\eXeem\LookSmart Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\RunServices: [microsoft server base] lass.exe
O4 - HKLM\..\RunServices: [Microsoft Hosting Service] winhosting.exe
O4 - HKLM\..\RunServices: [RSPC Driver] utne.exe
O4 - HKLM\..\RunServices: [ioroxxo microsoft sux] system32,1.exe
O4 - HKLM\..\RunServices: [Mircosoft Update] wuampkd.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update2] wuamwin.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [ioroxxo microsoft sux] system32,1.exe
O4 - HKCU\..\Run: [RSPC Driver] utne.exe
O4 - HKCU\..\Run: [Microsoft Hosting Service] winhosting.exe
O4 - HKCU\..\Run: [microsoft server base] lass.exe
O4 - HKCU\..\Run: [gcttaij] c:\winnt\bjxaxiv.exe
O4 - HKCU\..\Run: [yvrfuie] c:\winnt\yiivbei.exe
O4 - HKCU\..\Run: [hedscgm] c:\winnt\yiivbei.exe
O4 - HKCU\..\Run: [ahvdrbo] c:\winnt\yiivbei.exe
O4 - HKCU\..\Run: [ixdxdbi] c:\winnt\bhyasff.exe
O4 - HKCU\..\Run: [clvkrps] c:\winnt\bhyasff.exe
O4 - HKCU\..\Run: [nvxbjcm] c:\winnt\bhyasff.exe
O4 - HKCU\..\Run: [mhncfts] c:\winnt\bhyasff.exe
O4 - HKCU\..\Run: [epvghse] c:\winnt\bhyasff.exe
O4 - HKCU\..\Run: [yrilawi] c:\winnt\xdvvutv.exe
O4 - Startup: ATnotes.lnk = F:\miss\ATnotes\ATnotes.exe
O4 - Startup: HotSync Manager.lnk = F:\Palm\HOTSYNC.EXE
O4 - Startup: WinMySQLadmin.lnk = F:\mysql\bin\winmysqladmin.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = F:\Office2k\Office10\OSA.EXE
O4 - Global Startup: TaskZip.lnk = F:\util\TaskZip\TaskZip.exe
O4 - Global Startup: 3Com OfficeConnect Wireless 11g USB Adapter Utility.lnk = C:\Program Files\3Com\3Com OfficeConnect Wireless 11g USB Adapter Utility\drivers\WIN2K\3COMU11GMonitor.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Office2k\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Zend Studio - Debug current page - res://G:\zend_Studio\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://G:\zend_Studio\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - c:\sys_progs\ati multimedia\TV\EXPLBAR.DLL
O9 - Extra button: CUseeMe Conferencing Companion - {44EFB53C-C965-43CF-9F45-52242D134187} - f:\modem\cuseeme\Amigo.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - F:\modem\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - F:\modem\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - F:\modem\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - F:\modem\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Torrent Search IE Toolbar - {C9D0879E-F33F-4CA8-9137-6F2A0AEDCFB9} - C:\Program Files\Torrent Search IE Toolbar\torrent_search.dll
O9 - Extra 'Tools' menuitem: Torrent Search IE Toolbar - {C9D0879E-F33F-4CA8-9137-6F2A0AEDCFB9} - C:\Program Files\Torrent Search IE Toolbar\torrent_search.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: SmartWhois - {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - F:\modem\SMARTW~1\SWMSIE~1.EXE
O9 - Extra button: (no name) - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - F:\modem\SMARTW~1\SWMSIE~1.EXE
O9 - Extra 'Tools' menuitem: SmartWhois - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - F:\modem\SMARTW~1\SWMSIE~1.EXE
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - F:\miss\FLASHD~2\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - F:\miss\FLASHD~2\iebt.dll (HKCU)
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c283.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://i.a.cnn.net/c...cult3d/cult.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akam...loadManager.ocx
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (WebEyeControl) - http://kotelcam.virt...m/wg_webeye.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.nor...c/bin/cabsa.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://toolbar.azese...l/azesearch.cab
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - F:\util\Norton Internet Security 2003\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - g:\ewido\security suite\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - F:/mysql/bin/mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - F:\util\Norton AntiVirus 2003\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - F:\util\Norton Internet Security 2003\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\util\Norton AntiVirus 2003\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - F:\util\Norton AntiVirus 2003\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe