[pleasepleasehelpme]

Hi people, I am new here and hope I can be helped as this thing is driving me nuts! I have tried following the directions in other peoples posts about how to remove this but perhaps I wasn't doing it right I dont know but the stuff just won't go away Everytime I reboot the PSguard thing pops up and starts running some kind of scan? Additionally, that red icon shows up in the start up tray thing in the bottom right hand corner, and occassionaly a yellow exclamation mark icon shows up in the bottom right hand corner start up tray too. I have done so many things to try and get rid of this, followed heaps of the instructions from other posts but with no luck...any help would be most appreciated!!!!

Also the appearance of my taskbar etc has changed to the classic windows grey appearance from the new windows XP pro look and I cannot change it back...I dunno what is up with that

Logfile of HijackThis v1.99.1
Scan saved at 10:20:50 AM, on 31/07/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS.000\System32\smss.exe
C:\WINDOWS.000\system32\winlogon.exe
C:\WINDOWS.000\system32\services.exe
C:\WINDOWS.000\system32\lsass.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\Explorer.EXE
C:\WINDOWS.000\system32\LEXBCES.EXE
C:\WINDOWS.000\system32\spoolsv.exe
C:\WINDOWS.000\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS.000\System32\CNAB3RPK.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS.000\System32\LXSUPMON.EXE
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS.000\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bona\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ewebsearch.net/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optusnet.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dsl.optusnet.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\System32\msdxm.ocx
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS.000\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS.000\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.000\system32\NeroCheck.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [PSGuard spyware remover] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS.000\System32\intell32.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] Winregs32.exe
O4 - HKLM\..\RunServices: [Microsoft Update Emulator] kernelz-mxe.exe
O4 - HKLM\..\RunOnce: [washindex] C:\Program Files\Washer\washidx.exe "Bona"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.000\System32\ctfmon.exe
O4 - HKCU\..\RunOnce: [washindex] C:\Program Files\Washer\washidx.exe "Bona"
O8 - Extra context menu item: &Search - http://ka.bar.need2f...earch.html?p=KA
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122764503866
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS.000\system32\LEXBCES.EXE
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

[Advertisements]

Hi pleasepleasehelpme, welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your problem.

*We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time. DO NOT UPGRADE TO SP2 AT THIS TIME

*Click HEREfor the update.

*Apply the update, reboot, and post a fresh Hijack This log.


Regards,

Trevuren

[Trevuren]

Hi pleasepleasehelpme, welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your problem.

*We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time. DO NOT UPGRADE TO SP2 AT THIS TIME

*Click HEREfor the update.

*Apply the update, reboot, and post a fresh Hijack This log.


Regards,

Trevuren

[pleasepleasehelpme]

Thanks Trevuren for a speedy reply!!

I tried to download and install Service Pack 1a for Windows XP but an error message came up and did not let me complete the installation.

A similar problem occured sometime ago when I tried to install SP2...I'll apologise now as I am not the most computer literate person!!

Cheers

[Trevuren]

*Please go http://www.howtotell.com ]here[/URL] (Microsoft website) using Internet Explorer ( not Firefox or any other browser as they won't work)
*Click on "Windows Validation Assistant"
*Click on the "Validate Now" button.
*Be patient while the ActiveX loads, do not click on any links.
*Read the instructions on this page while it's loading. You will be prompted to install - click YES.
*Enter your product key then click "continue"
*When it says "Validation Complete" please click "Continue to return to your previous activity"
*Copy what it says and paste it here


Regards,

Trevuren

[pleasepleasehelpme]

Trevuren,

Cheers for your help. I decided to just format the hard disk and start-a-fresh...It was long over due anyway! Thank you for your assistance, it was much appreciated.

regards