psguard (help)

help!! I have this psguard thing and it will not go away I have worked on this for three weeks and I have spent over a hundred dollars on anti spyware products. Nothing is working please help!!!

 

Welcome to MajorGeeks.com, please follow the steps below:

http://www.majorgeeks.com/images/grenade.gif Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

• Make sure you check version numbers and get all updates.

http://www.majorgeeks.com/images/grenade.gif Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

http://www.majorgeeks.com/images/grenade.gifAfter doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

http://www.majorgeeks.com/images/grenade.gif Downloading, Installing, and Running HijackThis

 

ok tried everthing you gave me nothing will rid me of the desktop highjack/psguard they all find it but none fix it? heher is the log from hjt please help

• Edit by bjgarrick: Inline HJT log removed!

 

Please EXTRACT HijackThis from the ZIP File to a Safer location. Here's how:

To create a new folder:

• Click START > My Computer > Local Disc C: > Program Files
• Now, Right Click on an Empty Area and select New > Folder & name it HijackThis and ENTER

To Extract HijackThis:

• Now, Right Click your HijackThis ZIP File and select Extract All > Next > and browse to your newly created HijackThis Folder
• (C:\Program Files\HJT) and click Next.

The reason HJT needs its own safe folder is so that backups will be safely preserved. That way, if a mistake is made in the removal process, the mistakenly deleted entry can be restored.


After you complete the above, procede with the below...

Download smitRem.exe and save the file to your desktop.

Double click on the file to extract it to it's own folder on the desktop.

Reboot into safe mode.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please attach this log to your next reply.

 

ok here is the file log from smitrem....

Inline log attached!

CLEAN!

 

Download Pocket KillBox

Next, you will be entering items into Pocket KillBox. Please select the “Delete on Reboot” Option. Copy&Paste each of the file names listed below into the box one by one, making sure Delete on Reboot is Checked for each entry. Click the Red X for each entry, but DO NOT Allow your machine to be rebooted until the last item has been entered:

** Note: For any of the .dll files, check the Unregister .dll Before Deleting box as well. If this option is not enabled, don't worry about it.

C:\WINDOWS\system32\intell32.exe
C:\WINDOWS\system32\oleext.dll
C:\WINDOWS\system32\ptainfo1.ico
C:\WINDOWS\system32\ptainfo2.ico

• If you get an error message about Pending Operations, just reboot your computer manually.

After you complete the above, ATTACH a fresh HJT log from normal mode.

 

ok did the killbox, here is the hjt log

Inline log attached!

 

Please look in Add or Remove Programs for the following and Uninstall them if found:

Spyware Killer Pro

Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

R3 - Default URLSearchHook is missing

O4 - HKCU\..\Run: [SpyDefender Shield] "D:\Program Files\Cosmi\SpyWare Killer Pro\shield\SDShield.exe"

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O21 - SSODL: 0CBBI0CD - {7B0F2887-2A95-2638-0A5B-038067524E46} - D:\WINDOWS\System32\Ecihgf32.dll (file missing)

Again, make sure All Browser Windows are Closed when you Click FIX.

NEXT:
Run CCleaner to clean up cookies and temp files.

Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
Note: Remember to get all updates before doing the scans.


After you complete the above REBOOT, scan with HJT and attach a fresh log.

 

Ok here is the hjt log

Inline log attached!

 

Your HJT log is clean, are you having any further problems?

 

no more psguard, but my desktop is still white, and will not go back to normal?

 

Copy the contents of the Quote Box below to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixsmit.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.)

Double-click on the fixsmit.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to merge, click YES!

After you complete the above, reboot and see if you can now change your wallpaper.

 

it did not work, I was able to get the source from it (dont know if it helps)


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!----
***** This file is automatically generated by Microsoft Windows *****
--------><HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252"></HEAD>
<BODY
style="BORDER-RIGHT: medium none; BORDER-TOP: medium none; BORDER-LEFT: medium none; BORDER-BOTTOM: medium none"
bottomMargin=0 bgColor=#004e98 leftMargin=0 background="" topMargin=0
rightMargin=0><IFRAME id=0
style="BACKGROUND: none transparent scroll repeat 0% 0%; LEFT: 0px; WIDTH: 800px; POSITION: absolute; TOP: 1px; HEIGHT: 569px"
name=DeskMovrW marginWidth=0 marginHeight=0
src="file:///D:/WINDOWS/desktop.html" frameBorder=0 scrolling=no
subscribed_url="D:\WINDOWS\desktop.html" resizeable=""> </IFRAME>&nbsp;
</BODY></HTML>

 

Manually locate the file D:\WINDOWS\desktop.html and delete it, then run the registry fix again, reboot and see if that takes care of it.

 

searched and searched, looked in the command prompt, the file does not exist. I was able to minimize the white screen (it seems to be a pop up window). I still cannot change the wallpaper, however the wall paper works around the white screen.

 

Right click on the Desktop to open the Display Properties, select the Desktop Tab. Click the customize button and select the WEB tab.

Uncheck anything here and click ok, let me know if problem remains.

 

its gone (Iam such a moron) thank you very much for your help!!!!

 

Your Welcome!

Are you having any further problems?

 

no more problems, pc is working great. Thanx again

 

I just started getting a pop up that says " Too many critical errors! fix your registry now to avoid system crash and data loss" dont know if this is part of the psguard thing or not?

 

Can you attach a screenshot of it so I can see if it's legit or not? Also attach a current HJT log to confirm it isnt.