Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

psguard and intell32 messing up my comp [RESOLVED]


  • This topic is locked This topic is locked

#1
smot_poker

smot_poker

    New Member

  • Member
  • Pip
  • 7 posts
when i first got this it made it so i couldn't open any programs, including windows explorer. clicking on the intell32 icon opens up internet explorer and said something about commands for manipulating windows. after playing around with my (keyless, lost it) win 98 cd something triggered a system backup restore. From that point i updated and ran adaware and spybot s&d it found about 100 registry keys and a few folders. removed that stuff but the intell32 icon came back a few minutes later and awhile after that the psguard stuff came back. downloaded winpatrol (like the doggy) removed psguard and intell32 from my startup then rebooted. They seemed to be gone after the reboot but intell32 revived shortly after i oppened internet explorer I ended the prosess. A few minutes later the doggy noticed psguard trying to add stuff to the system.ini file i think it was called. downloaded AVG it found a few unrelated (i think)trojans, deleted those they havn't come back. trojan hunter found nothing.

reenabled everything in my startup including stuff from past spyware infections.
here's my hijackthis thingy.

Logfile of HijackThis v1.99.1
Scan saved at 1:49:58 AM, on 8/2/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\AGC\AGC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\winpatrol.exe
O4 - HKLM\..\Run: [LoadPowerProfile] powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\Run: [TkBellExee] C:\WINDOWS\realschd.exe
O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\qttasks.exe /i
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [System Integrity Checker] chkfat.exe
O4 - HKLM\..\RunServices: [SystemEmergency] C:\WINDOWS\EXPLORE.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: AGC.lnk = C:\Program Files\AGC\agc.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt4_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab

seems smaller then most hijackthis thingys i've seen... i feel small :tazz:


Jus noticed the link at the bottom of my hijack this log... used to be one for chess too and jus noticed i can't play any of the yahoo games.. the applets not loading

Edited by smot_poker, 02 August 2005 - 03:34 AM.

  • 0

Advertisements


#2
smot_poker

smot_poker

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
No welcome to G2G? I feel unwanted like when the kids used to throw worms at me in the play ground when i was a toddler :)


psguard/intell32 had a file named oleext.dll that was causing the problems. had to delete it from dos. still couldn't play chess on yahoo tough so i played with my win98 cd again and the initial problem where i couldn't run any programms or explore my drives came back. booted to safe mode and ran adaware it found some alexa files (they weren't there before i played with the windows cd) spybot s&d found a couple things too. Now everything runs great!

But my happiness soon turns to sadness as i remember that you guy's are throwing worms at me in a sense. So now i'm gonna go cry in the corner (apparently ther's no crying smilie so i'm gonna use the ninja but know that he's crying behind his mask) :tazz:



and i like taz ;)

*Edited by an Administrator

Hello! Bumping your thread will not get you helped any quicker, as we look for threads with no replies. Also, we work from oldest to newest, and currently are working on logs that have been posted about five days ago , sometimes even older. Please be patient with us. We are working as fast as we can without compromising the integrity of our work.

Edited by ~Kat~, 04 August 2005 - 09:05 PM.

  • 0

#3
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi smot_poker and welcome to GeeksToGo! My name is Excal and I will be helping you.

I apologize for the delay getting to your log, the helpers here are very busy.
If you still need help, please post a fresh Hijack log, in this thread, so I can help you with your Malware Problems.

If you have resolved this issue please let us know.

:tazz:

Excal
  • 0

#4
smot_poker

smot_poker

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
ya i fixed it thanks
  • 0

#5
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP