PSGuard
Started by
Scotia
, Jul 29 2005 08:39 AM
#1
Posted 29 July 2005 - 08:39 AM
#2
Posted 30 July 2005 - 08:36 AM
Please Click here!, and follow the recommendations in the guide.
If you're still having trouble, We'll need you to use a free diagnostic tool, Hijack This. Follow the instructions in step five of this guide, and reply here with your log.
Most of what Hijack This lists lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
If you're still having trouble, We'll need you to use a free diagnostic tool, Hijack This. Follow the instructions in step five of this guide, and reply here with your log.
Most of what Hijack This lists lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
#3
Posted 30 July 2005 - 09:01 AM
Logfile of HijackThis v1.99.1
Scan saved at 15:52:40, on 30/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\wanmpsvc.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
D:\WINDOWS\System32\msole32.exe
D:\WINDOWS\System32\shnlog.exe
D:\WINDOWS\System32\gsicon.exe
D:\WINDOWS\System32\dslagent.exe
D:\Program Files\Real\RealPlayer\RealPlay.exe
D:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
D:\PROGRA~1\WinFax\WFXSWTCH.exe
D:\WINDOWS\System32\wfxsnt40.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
D:\WINDOWS\System32\intell32.exe
D:\Program Files\Messenger\msmsgs.exe
D:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
D:\Program Files\AOL 8.0\aoltray.exe
D:\Program Files\Mightyfax\MFNTCTL.EXE
D:\WINDOWS\System32\intmon.exe
D:\Program Files\AOL 8.0\waol.exe
D:\Program Files\AOL 8.0\shellmon.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Documents and Settings\Frank\Local Settings\Temporary Internet Files\Content.IE5\C1IZY3KT\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicks...es.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicks...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
F2 - REG:system.ini: UserInit=D:\WINDOWS\System32\Userinit.exe
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - D:\WINDOWS\System32\hp83CA.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MPFExe] D:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [WFXSwtch] D:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [MediaFace Integration] D:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [intell32.exe] D:\WINDOWS\System32\intell32.exe
O4 - HKLM\..\Run: [PSGuard spyware remover] D:\Program Files\PSGuard\PSGuard.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "D:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = D:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: MightyFAX Controller.lnk = D:\Program Files\Mightyfax\MFNTCTL.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: symsupportutil - https://www-secure.s...supportutil.CAB
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540004} (CInstall Class) - http://freepcscan.co...are/Install.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://support.epson...rg/ESTPTest.cab
O16 - DPF: {98BFD494-F6AD-4794-9038-832C0654CC43} (AOL YGP UPF Ctrl) - http://pictures02.ao...-UK.9.2.3.0.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B7B14FD-C320-4B1D-B31E-5DDCF821AAFE}: NameServer = 152.163.0.26 205.188.64.153
O17 - HKLM\System\CCS\Services\Tcpip\..\{822969D2-49EA-4039-8C9A-BBA85C97EA0C}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B7B14FD-C320-4B1D-B31E-5DDCF821AAFE}: NameServer = 152.163.0.26 205.188.64.153
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - D:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - D:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - D:\WINDOWS\wanmpsvc.exe
I hope I have done this OK. Thank You Frank
Scan saved at 15:52:40, on 30/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\wanmpsvc.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
D:\WINDOWS\System32\msole32.exe
D:\WINDOWS\System32\shnlog.exe
D:\WINDOWS\System32\gsicon.exe
D:\WINDOWS\System32\dslagent.exe
D:\Program Files\Real\RealPlayer\RealPlay.exe
D:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
D:\PROGRA~1\WinFax\WFXSWTCH.exe
D:\WINDOWS\System32\wfxsnt40.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
D:\WINDOWS\System32\intell32.exe
D:\Program Files\Messenger\msmsgs.exe
D:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
D:\Program Files\AOL 8.0\aoltray.exe
D:\Program Files\Mightyfax\MFNTCTL.EXE
D:\WINDOWS\System32\intmon.exe
D:\Program Files\AOL 8.0\waol.exe
D:\Program Files\AOL 8.0\shellmon.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Documents and Settings\Frank\Local Settings\Temporary Internet Files\Content.IE5\C1IZY3KT\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicks...es.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicks...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
F2 - REG:system.ini: UserInit=D:\WINDOWS\System32\Userinit.exe
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - D:\WINDOWS\System32\hp83CA.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MPFExe] D:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [WFXSwtch] D:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [MediaFace Integration] D:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [intell32.exe] D:\WINDOWS\System32\intell32.exe
O4 - HKLM\..\Run: [PSGuard spyware remover] D:\Program Files\PSGuard\PSGuard.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "D:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = D:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: MightyFAX Controller.lnk = D:\Program Files\Mightyfax\MFNTCTL.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: symsupportutil - https://www-secure.s...supportutil.CAB
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540004} (CInstall Class) - http://freepcscan.co...are/Install.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://support.epson...rg/ESTPTest.cab
O16 - DPF: {98BFD494-F6AD-4794-9038-832C0654CC43} (AOL YGP UPF Ctrl) - http://pictures02.ao...-UK.9.2.3.0.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B7B14FD-C320-4B1D-B31E-5DDCF821AAFE}: NameServer = 152.163.0.26 205.188.64.153
O17 - HKLM\System\CCS\Services\Tcpip\..\{822969D2-49EA-4039-8C9A-BBA85C97EA0C}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B7B14FD-C320-4B1D-B31E-5DDCF821AAFE}: NameServer = 152.163.0.26 205.188.64.153
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - D:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - D:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - D:\WINDOWS\wanmpsvc.exe
I hope I have done this OK. Thank You Frank
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users