Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I Need Help with Removing PSGuard!


  • Please log in to reply

#1
TonyGarcia

TonyGarcia

    New Member

  • Member
  • Pip
  • 5 posts
I was browsing the interent when all of a sudden the Spyware PSGuard showed up on my computer is was like :tazz: :) :) Im having troble deleteing it please help!

My Hijack this Log.

Logfile of HijackThis v1.99.1
Scan saved at 1:46:25 PM, on 8/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\csmrs.exe
C:\WINDOWS\System\msveup.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\intell32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN\MSNIA\msniasvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Winamp\Plugins\SIGServer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\mszk32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tonyl\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pnssu.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pnssu.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\pnssu.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pnssu.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pnssu.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pnssu.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pnssu.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/5me...ock@hotmail.com
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {4B4EE737-2D47-E126-DFBD-035B9EF1BE06} - C:\WINDOWS\appsx.dll
O2 - BHO: Class - {878A81B0-C10A-9380-C3B6-89A99E2C869B} - C:\WINDOWS\apiui32.dll
O2 - BHO: Class - {9A735E65-B77E-83B5-E2CE-86A183CD727B} - C:\WINDOWS\system32\javadd.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {FCB51F0E-2C0D-0B31-D324-1F2349F7433A} - C:\WINDOWS\addsm32.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [VC5MediaPlayer] C:\WINDOWS\system32\csmrs.exe
O4 - HKLM\..\Run: [.msfupdate] C:\WINDOWS\System\msveup.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\system32\intell32.exe
O4 - HKLM\..\Run: [atlqx32.exe] C:\WINDOWS\system32\atlqx32.exe
O4 - HKLM\..\Run: [mszk32.exe] C:\WINDOWS\mszk32.exe
O4 - HKLM\..\RunOnce: [atlcm32.exe] C:\WINDOWS\system32\atlcm32.exe
O4 - HKLM\..\RunOnce: [d3jo.exe] C:\WINDOWS\system32\d3jo.exe
O4 - HKLM\..\RunOnce: [mfcni32.exe] C:\WINDOWS\mfcni32.exe
O4 - HKLM\..\RunOnce: [addqp32.exe] C:\WINDOWS\system32\addqp32.exe
O4 - HKLM\..\RunOnce: [appbr.exe] C:\WINDOWS\system32\appbr.exe
O4 - HKLM\..\RunOnce: [appqn32.exe] C:\WINDOWS\appqn32.exe
O4 - HKLM\..\RunOnce: [javaku.exe] C:\WINDOWS\javaku.exe
O4 - HKLM\..\RunOnce: [apipp32.exe] C:\WINDOWS\apipp32.exe
O4 - HKLM\..\RunOnce: [atlty32.exe] C:\WINDOWS\system32\atlty32.exe
O4 - HKLM\..\RunOnce: [appgf32.exe] C:\WINDOWS\system32\appgf32.exe
O4 - HKLM\..\RunOnce: [msuh.exe] C:\WINDOWS\system32\msuh.exe
O4 - HKLM\..\RunOnce: [sysqa.exe] C:\WINDOWS\system32\sysqa.exe
O4 - HKLM\..\RunOnce: [sdkvu.exe] C:\WINDOWS\system32\sdkvu.exe
O4 - HKLM\..\RunOnce: [atlir.exe] C:\WINDOWS\atlir.exe
O4 - HKLM\..\RunOnce: [apimr.exe] C:\WINDOWS\apimr.exe
O4 - HKLM\..\RunOnce: [ntht32.exe] C:\WINDOWS\system32\ntht32.exe
O4 - HKLM\..\RunOnce: [apisg32.exe] C:\WINDOWS\apisg32.exe
O4 - HKLM\..\RunOnce: [iewz32.exe] C:\WINDOWS\iewz32.exe
O4 - HKLM\..\RunOnce: [addiv.exe] C:\WINDOWS\system32\addiv.exe
O4 - HKLM\..\RunOnce: [crns.exe] C:\WINDOWS\system32\crns.exe
O4 - HKLM\..\RunOnce: [msgb.exe] C:\WINDOWS\msgb.exe
O4 - HKLM\..\RunOnce: [ntmd32.exe] C:\WINDOWS\ntmd32.exe
O4 - HKLM\..\RunOnce: [crcm32.exe] C:\WINDOWS\crcm32.exe
O4 - HKLM\..\RunOnce: [winje32.exe] C:\WINDOWS\winje32.exe
O4 - HKLM\..\RunOnce: [javaoy.exe] C:\WINDOWS\system32\javaoy.exe
O4 - HKLM\..\RunOnce: [javaqj32.exe] C:\WINDOWS\system32\javaqj32.exe
O4 - HKLM\..\RunOnce: [winbg32.exe] C:\WINDOWS\winbg32.exe
O4 - HKLM\..\RunOnce: [winev32.exe] C:\WINDOWS\winev32.exe
O4 - HKLM\..\RunOnce: [addwc32.exe] C:\WINDOWS\system32\addwc32.exe
O4 - HKLM\..\RunOnce: [d3bx.exe] C:\WINDOWS\d3bx.exe
O4 - HKLM\..\RunOnce: [crlb32.exe] C:\WINDOWS\system32\crlb32.exe
O4 - HKLM\..\RunOnce: [apiyv.exe] C:\WINDOWS\system32\apiyv.exe
O4 - HKLM\..\RunOnce: [appsx.exe] C:\WINDOWS\appsx.exe
O4 - HKLM\..\RunOnce: [d3xr32.exe] C:\WINDOWS\d3xr32.exe
O4 - HKLM\..\RunOnce: [atlmg.exe] C:\WINDOWS\atlmg.exe
O4 - HKLM\..\RunOnce: [addkh32.exe] C:\WINDOWS\addkh32.exe
O4 - HKLM\..\RunOnce: [d3pb.exe] C:\WINDOWS\system32\d3pb.exe
O4 - HKLM\..\RunOnce: [atlcp32.exe] C:\WINDOWS\atlcp32.exe
O4 - HKLM\..\RunOnce: [wintf32.exe] C:\WINDOWS\system32\wintf32.exe
O4 - HKLM\..\RunOnce: [sdkgu32.exe] C:\WINDOWS\sdkgu32.exe
O4 - HKLM\..\RunOnce: [mfcoi32.exe] C:\WINDOWS\mfcoi32.exe
O4 - HKLM\..\RunOnce: [netnv.exe] C:\WINDOWS\system32\netnv.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121887401578
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{076ED77F-BDB2-4003-BDAF-E29685A90395}: NameServer = 198.6.100.140 198.6.1.140
O17 - HKLM\System\CS1\Services\Tcpip\..\{076ED77F-BDB2-4003-BDAF-E29685A90395}: NameServer = 198.6.100.140 198.6.1.140
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\d3jo.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited by TonyGarcia, 19 August 2005 - 05:03 PM.

  • 0

Advertisements


#2
TonyGarcia

TonyGarcia

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I don't know how I got it though but I need all the help I can get... :tazz:
  • 0

#3
TonyGarcia

TonyGarcia

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
My Hijack This Log after cleaning it with ewido.


ogfile of HijackThis v1.99.1
Scan saved at 3:33:35 PM, on 8/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\csmrs.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN\MSNIA\msniasvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Winamp\Plugins\SIGServer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Documents and Settings\Tonyl\My Documents\security suite\ewidoguard.exe
C:\Documents and Settings\Tonyl\My Documents\security suite\ewidoctrl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tonyl\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lpded.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lpded.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lpded.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lpded.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lpded.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lpded.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lpded.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/5me...ock@hotmail.com
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {4B4EE737-2D47-E126-DFBD-035B9EF1BE06} - C:\WINDOWS\appsx.dll
O2 - BHO: Class - {878A81B0-C10A-9380-C3B6-89A99E2C869B} - C:\WINDOWS\apiui32.dll
O2 - BHO: Class - {9A735E65-B77E-83B5-E2CE-86A183CD727B} - C:\WINDOWS\system32\javadd.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {FCB51F0E-2C0D-0B31-D324-1F2349F7433A} - C:\WINDOWS\addsm32.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [VC5MediaPlayer] C:\WINDOWS\system32\csmrs.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121887401578
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{076ED77F-BDB2-4003-BDAF-E29685A90395}: NameServer = 198.6.100.140 198.6.1.140
O17 - HKLM\System\CS1\Services\Tcpip\..\{076ED77F-BDB2-4003-BDAF-E29685A90395}: NameServer = 198.6.100.140 198.6.1.140
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\d3jo.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Tonyl\My Documents\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Documents and Settings\Tonyl\My Documents\security suite\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#4
TonyGarcia

TonyGarcia

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
:tazz:
  • 0

#5
TonyGarcia

TonyGarcia

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
(sorry I didn't see the rule on bumping...))

Edited by TonyGarcia, 20 August 2005 - 11:13 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP