removing telsaplus & psguard



Whizz83
2006-05-11, 21:53
I have a problem with psguard and telsaplus. Nothing can remove them. I update my Spybot SD weekly and have even tried McAfee virus scanner, to no avail. The issue is that when I remove psguard from the registry it always comes back, thanks to 2 entries in Local Machine/software/ps guard. They are AlwaysBlockChanges & AlwaysBlockWhenNoAV. I have tried to remove them in safe mode, then scan using Spybot & McAfee, & it didn't work. The only spyware running on my system is Intell32.exe. It won't stay gone either. I've removed everything I can find associated with psguard & telsaplus but it always comes back. I've included a picture of my registry (http://www.geocities.com/whizz_kid_1/psguard_registry.JPG). Anyone got any idea of how to help me? If so email me @

tashi
2006-05-12, 01:20
"if so email me @"

I have a better idea, read the sticky topics posted in this forum. ;)

BEFORE you post a log, and who will advise you. Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)

Regards.

Whizz83
2006-05-12, 07:49
Logfile of HijackThis v1.99.1
Scan saved at 1:48:00 AM, on 5/12/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\XP\System32\smss.exe
C:\XP\system32\winlogon.exe
C:\XP\system32\services.exe
C:\XP\system32\lsass.exe
C:\XP\system32\svchost.exe
C:\XP\System32\svchost.exe
C:\XP\system32\svchost.exe
C:\XP\Explorer.EXE
C:\XP\system32\spoolsv.exe
C:\XP\System32\nvsvc32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\XP\System32\hpE853.tmp (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\XP\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\XP\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [intell32.exe] C:\XP\System32\intell32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\XP\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\XP\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: www.hotmail.com
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ssldr - C:\XP\SYSTEM32\ssldr32.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\XP\System32\nvsvc32.exe

LonnyRJones
2006-05-12, 13:07
I see Kazaa in that picture, uninstall it ASAP.

What other filesharing programs do you use?
Do you download and install programs with P2P?

Why has your Windows never been updated and why no antivirus program?

Whizz83
2006-05-15, 01:37
Trust me, it's not Kazaa. I use a hacked version of Kazaa Lite. All spyware removed, actually just never installed. I know you all are the experts but it's not Kazaa. My roommate has an issue visiting adult sites. It's his computer so there isn't much I can do about that. Now any other ideas?

Whizz83
2006-05-15, 01:39
My Windows is as up-to-date as it will let me be, I can't download the SP-x packs. And don't need constant virus software. I install and remove as necessary. BTW, McAfee wouldn't remove this either, in safe mode.

LonnyRJones
2006-05-15, 07:31
Kazaa Lite is even worse in my opinion. It's a crack. If you use cracks there is no sense in cleaning that PC, it is a waste of your time and my time.
Get used to formatting and reinstalling Windows.

"i can't download the SP-x packs"
Get a legal copy and keep it updated.

"and don't need constant virus software"

That's a wrong assumption. Even those who never visit suspect sites need an antivirus running at all times.

I cannot help you unless you're able to update Windows and see the need for a full-time AV program.

tashi
2006-05-19, 05:11
This topic is closed.

For future reference:
Have you updated Windows? Security Programs? Links and Tips. (http://forums.spybot.info/showthread.php?t=425)

File Sharing, otherwise known as Peer To Peer. (P2P) (http://forums.spybot.info/showthread.php?t=282)

So how did I get infected in the first place? By Tony Klein (http://forums.spybot.info/showthread.php?t=279)