
how do i get rid of this?

Discussion in 'Windows XP' started by ~Biker~, Jan 19, 2006.

  1. ~Biker~

    ~Biker~ Thread Starter

    Joined:
    Dec 7, 2005
    Messages:
    62
    my pc got another stupid desktop virus, how the hell do i get rid of it?

    it's a blue screen with spyware infected.

    i still got all the software since my last one, how do i get rid of it? i'm running spysweeper now.
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.

    I'd also post a Hijack This log.
     
  3. ~Biker~

    ~Biker~ Thread Starter

    Joined:
    Dec 7, 2005
    Messages:
    62
    no security thing

    Logfile of HijackThis v1.99.1
    Scan saved at 16:41:14, on 1/19/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\alg.exe
    C:\easyphp\Apache\apache.exe
    C:\easyphp\Apache\apache.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\easyphp\MySql\bin\mysqld.exe
    C:\WINNT\system32\slserv.exe
    C:\WINNT\System32\svchost.exe
    C:\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINNT\System32\wdfmgr.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE
    C:\Java\jre1.5.0_05\bin\jusched.exe
    C:\Webroot\Spy Sweeper\SpySweeper.exe
    C:\eSnips\ClientGW.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\easyphp\EasyPHP.exe
    C:\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Daily Weather Forecast\weather.exe
    C:\WINNT\System32\ctfmon.exe
    C:\Spyware Doctor\swdoctor.exe
    C:\Hide IP Platinum\hideippla.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\LimeWire\LimeWire.exe
    C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
    C:\YAHOO!\MESSEN~1\ymsgr_tray.exe
    C:\WINNT\System32\wuauclt.exe
    C:\firefox.exe
    C:\FileZilla\FileZilla.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\TrendyFlash Site Builder\TrendyFlash Site Builder.exe
    C:\DOCUME~1\Jake\LOCALS~1\Temp\10457.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\WINNT\system32\rundll32.exe
    C:\WINNT\system32\rundll32.exe
    C:\WINNT\system32\notepad.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.co.uk
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tesco internet access
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 65.169.112.145:8080
    N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.bikers--forums.com/"); (C:\Documents and Settings\Jake\Application Data\Mozilla\Profiles\default\4ui3rltf.slt\prefs.js)
    N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Jake\Application Data\Mozilla\Profiles\default\4ui3rltf.slt\prefs.js)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\SPYWAR~2\tools\iesdsg.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
    O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\SPYWAR~2\tools\iesdpb.dll
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\eSnips\SnipBar.dll
    O3 - Toolbar: WaReZ_BaSe toolbar - {8c6b3330-09ef-4aed-b3fe-06754d9a73c2} - C:\Program Files\WaReZ_BaSe\tbWaRe.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\AnyDVD\ElbyCheck.exe" /L AnyDVD
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB002" /M "Stylus Photo RX620"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [AnyDVD] "C:\AnyDVD\AnyDVD.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [eSnips] "C:\eSnips\ClientGW.exe"
    O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
    O4 - HKLM\..\Run: [adiras] adiras.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [EasyPHP] "C:\easyphp\EasyPHP.exe"
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\YAHOO!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
    O4 - HKCU\..\Run: [winnt] C:\winnt.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [Hide IP Platinum] C:\Hide IP Platinum\hideippla.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\LimeWire\LimeWire.exe
    O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar6.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar6.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar6.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar6.dll/cmcache.html
    O8 - Extra context menu item: Download All by FlashGet - C:\Documents and Settings\Jake\Desktop\fg171crk\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Documents and Settings\Jake\Desktop\fg171crk\jc_link.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar6.dll/cmsimilar.html
    O8 - Extra context menu item: Snip to my eSnips account - C:\eSnips\res\SnipIt.htm
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar6.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINNT\System32\mscoree.DLL
    O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINNT\System32\mscoree.DLL
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by New.Net
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134758637968
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A747C28-B3E9-4B1F-86DB-D95FC26D4E7D}: NameServer = 80.225.252.50 80.225.252.58
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4A747C28-B3E9-4B1F-86DB-D95FC26D4E7D}: NameServer = 80.225.252.50 80.225.252.58
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache - Unknown owner - C:\easyphp\Apache\apache.exe" --ntservice (file missing)
    O23 - Service: Aluria Spyware Eliminator Service (ASEService) - Unknown owner - C:\PROGRA~1\ALURIA~1\ASE\ASEServ.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: MySQL - Unknown owner - C:\easyphp\MySql\bin\mysqld.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINNT\SYSTEM32\slserv.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Webroot\Spy Sweeper\WRSSSDK.exe
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Run Kaspersky online virus scan here: http://www.kaspersky.com/virusscanner

    When the scan is finished, it usually does not give you any option to clean them.
    Save the results from the scan and post them here.
     
  5. ~Biker~

    ~Biker~ Thread Starter

    Joined:
    Dec 7, 2005
    Messages:
    62
    ok i'm gonna get all my spy cleaners & virus hunters running, ok?

    then i'll post up the logz
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
  7. ~Biker~

    ~Biker~ Thread Starter

    Joined:
    Dec 7, 2005
    Messages:
    62
    Spysweeper Log:

    cleaned the lot and accidentally lost the log >_<

    Trojan hunter log:

    Registry scan
    No suspicious entries found
    Inifile scan
    No suspicious entries found
    Port scan
    No suspicious open ports found
    Memory scan
    No trojans found in memory
    File scan (autostarted files, running executables)
    No trojan files found

    Reg Organizer Log:
    Your trial has expired please register this product.

    Ewido

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 18:51:52, 1/19/2006
    + Report-Checksum: 979D6C23

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
    [624] C:\Program Files\NewDotNet\newdotnet3_88-1.dll -> Spyware.NewDotNet : Cleaned with backup
    [696] C:\Program Files\NewDotNet\newdotnet3_88-1.dll -> Spyware.NewDotNet : Error during cleaning
    [916] C:\Program Files\NewDotNet\newdotnet3_88-1.dll -> Spyware.NewDotNet : Error during cleaning
    [1076] C:\Program Files\NewDotNet\newdotnet3_88-1.dll -> Spyware.NewDotNet : Error during cleaning
    [1108] C:\Program Files\NewDotNet\newdotnet3_88-1.dll -> Spyware.NewDotNet : Error during cleaning
    [1408] C:\Program Files\NewDotNet\newdotnet3_88-1.dll -> Spyware.NewDotNet : Error during cleaning
    [2192] C:\Program Files\NewDotNet\newdotnet3_88-1.dll -> Spyware.NewDotNet : Error during cleaning
    [2288] C:\Program Files\NewDotNet\newdotnet3_88-1.dll -> Spyware.NewDotNet : Error during cleaning
    [2356] C:\Program Files\NewDotNet\newdotnet3_88-1.dll -> Spyware.NewDotNet : Error during cleaning
    [2384] C:\Program Files\NewDotNet\newdotnet3_88-1.dll -> Spyware.NewDotNet : Error during cleaning
    [2420] C:\Program Files\NewDotNet\newdotnet3_88-1.dll -> Spyware.NewDotNet : Error during cleaning
    [2612] C:\Program Files\NewDotNet\newdotnet3_88-1.dll -> Spyware.NewDotNet : Error during cleaning
    [880] C:\Program Files\NewDotNet\newdotnet3_88-1.dll -> Spyware.NewDotNet : Error during cleaning
    [2868] C:\Program Files\NewDotNet\newdotnet3_88-1.dll -> Spyware.NewDotNet : Error during cleaning
    [3748] C:\Program Files\NewDotNet\newdotnet3_88-1.dll -> Spyware.NewDotNet : Error during cleaning
    C:\WINNT\system32\mc-110-12-0000187.exe -> Spyware.Maxifiles : Cleaned with backup
    C:\Documents and Settings\Jake\Cookies\[email protected][1].txt -> Spyware.Cookie.Trafic : Cleaned with backup
    C:\Documents and Settings\Jake\Cookies\[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Jake\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Jake\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Jake\Cookies\[email protected][3].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Jake\Cookies\[email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Jake\Cookies\[email protected][1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\Jake\Cookies\[email protected][2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup

    ::Report End


    Reg mechanic

    121 problems found and deleted.

    & i haven't got internet explorer so i can't do the other one.

    does any of this help?

    also i couldn't get the rest of my security things to open
     
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Go to Add/Remove Programs and uninstall New.Net (NewDotNet).
    If it will not uninstall, or is not listed there - do this:

    First click here: http://www.cexx.org/lspfix.htm to get the LSP Fix.

    You may not need it, but go ahead and download it just in case.

    Now go here: http://www.newdotnet.com/removal.html

    Scroll to the bottom of the page to Procedure 4 and download and run the New.Net Uninstaller.

    If you lose your internet connection after running the New.Net Uninstaller, run the LSP Fix, and click Finish. (Don't do anything else).

    That should restore the internet connection.

    Did you run the Kaspersky scan?
     
  9. ~Biker~

    ~Biker~ Thread Starter

    Joined:
    Dec 7, 2005
    Messages:
    62
    I uninstalled ie (Internet Explorer) because i do not trust it and u get too many viruses and other **** from ie...

    So i cannot use Kaspersky in firefox.

    btw i uninstalled newdotnet A.O.K
     
  10. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Please post a new Hijack This log then.
     
  11. ~Biker~

    ~Biker~ Thread Starter

    Joined:
    Dec 7, 2005
    Messages:
    62
    New hijackthis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 19:50:22, on 1/19/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\alg.exe
    C:\easyphp\Apache\apache.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\easyphp\Apache\apache.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\easyphp\MySql\bin\mysqld.exe
    C:\WINNT\system32\slserv.exe
    C:\WINNT\System32\svchost.exe
    C:\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\wdfmgr.exe
    C:\WINNT\System32\ctfmon.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE
    C:\Java\jre1.5.0_05\bin\jusched.exe
    C:\Webroot\Spy Sweeper\SpySweeper.exe
    C:\eSnips\ClientGW.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\easyphp\EasyPHP.exe
    C:\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Daily Weather Forecast\weather.exe
    C:\Spyware Doctor\swdoctor.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Hide IP Platinum\hideippla.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\LimeWire\LimeWire.exe
    C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
    C:\YAHOO!\MESSEN~1\ymsgr_tray.exe
    C:\WINNT\System32\wuauclt.exe
    C:\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.co.uk
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tesco internet access
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 65.169.112.145:8080
    N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.bikers--forums.com/"); (C:\Documents and Settings\Jake\Application Data\Mozilla\Profiles\default\4ui3rltf.slt\prefs.js)
    N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Jake\Application Data\Mozilla\Profiles\default\4ui3rltf.slt\prefs.js)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\SPYWAR~2\tools\iesdsg.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
    O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\SPYWAR~2\tools\iesdpb.dll
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\eSnips\SnipBar.dll
    O3 - Toolbar: WaReZ_BaSe toolbar - {8c6b3330-09ef-4aed-b3fe-06754d9a73c2} - C:\Program Files\WaReZ_BaSe\tbWaRe.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\AnyDVD\ElbyCheck.exe" /L AnyDVD
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB002" /M "Stylus Photo RX620"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [AnyDVD] "C:\AnyDVD\AnyDVD.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [eSnips] "C:\eSnips\ClientGW.exe"
    O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
    O4 - HKLM\..\Run: [adiras] adiras.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [EasyPHP] "C:\easyphp\EasyPHP.exe"
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\YAHOO!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
    O4 - HKCU\..\Run: [winnt] C:\winnt.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [Hide IP Platinum] C:\Hide IP Platinum\hideippla.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: LimeWire On Startup.lnk = C:\LimeWire\LimeWire.exe
    O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar6.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar6.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar6.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar6.dll/cmcache.html
    O8 - Extra context menu item: Download All by FlashGet - C:\Documents and Settings\Jake\Desktop\fg171crk\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Documents and Settings\Jake\Desktop\fg171crk\jc_link.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar6.dll/cmsimilar.html
    O8 - Extra context menu item: Snip to my eSnips account - C:\eSnips\res\SnipIt.htm
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar6.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINNT\System32\mscoree.DLL
    O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINNT\System32\mscoree.DLL
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Messenger\msmsgs.exe
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134758637968
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A747C28-B3E9-4B1F-86DB-D95FC26D4E7D}: NameServer = 212.74.114.129 212.74.112.193
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4A747C28-B3E9-4B1F-86DB-D95FC26D4E7D}: NameServer = 212.74.114.129 212.74.112.193
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache - Unknown owner - C:\easyphp\Apache\apache.exe" --ntservice (file missing)
    O23 - Service: Aluria Spyware Eliminator Service (ASEService) - Unknown owner - C:\PROGRA~1\ALURIA~1\ASE\ASEServ.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: MySQL - Unknown owner - C:\easyphp\MySql\bin\mysqld.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINNT\SYSTEM32\slserv.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Webroot\Spy Sweeper\WRSSSDK.exe
     
  12. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Can you tell me what eSnips is?

    Download KillBox here: http://www.downloads.subratam.org/KillBox.exe
    Save it to your desktop.
    DO NOT run it yet.

    You'll need to disable SpySweeper's realtime protection while we run these fixes.

    * Open Spysweeper and click on Options > Program Options and uncheck "load at windows startup".
    On the left click "shields" and then uncheck everything there.
    Uncheck "home page shield".
    Uncheck "automatically restore default without notification".
    Exit the program.

    You can re-enable these when we are finished here.

    Rescan with Hijack This.
    Close all browser windows except Hijack This.
    Put a check mark beside these entries and click "Fix Checked".

    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)

    O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)

    O3 - Toolbar: WaReZ_BaSe toolbar - {8c6b3330-09ef-4aed-b3fe-06754d9a73c2} - C:\Program Files\WaReZ_BaSe\tbWaRe.dll

    O4 - HKLM\..\Run: [MessengerPlus3] "C:\MessengerPlus! 3\MsgPlus.exe"

    O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe

    O4 - HKCU\..\Run: [winnt] C:\winnt.exe

    O4 - Startup: LimeWire On Startup.lnk = C:\LimeWire\LimeWire.exe


    Boot into Safe Mode.

    * Double-click on Killbox.exe to run it.

    Put a tick by Standard File Kill.
    In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    C:\Program Files\WaReZ_BaSe
    C:\Program Files\Daily Weather Forecast
    C:\winnt.exe
    C:\LimeWire


    Click on the button that has the red circle with the X in the middle after you enter each file.
    It will ask for confirmation to delete the file.
    Click Yes.
    Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
    Killbox may tell you that one or more files do not exist.
    If that happens, just continue on with all the files. Be sure you don't miss any.
    Next in Killbox go to Tools > Delete Temp Files
    In the window that pops up, put a check by ALL the options there except these three:
    XP Prefetch
    Recent
    History
    Now click the Delete Selected Temp Files button.
    Exit the Killbox.

    Finally go to Control Panel > Internet Options.
    On the General tab under "Temporary Internet Files" Click "Delete Files".
    Put a check by "Delete Offline Content" and click OK.
    Click on the Programs tab then click the "Reset Web Settings" button.
    Click Apply then OK.

    Empty the Recycle Bin.

    Reboot, post a new log.
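A way to pre-sort a HijackThis log before reading it by hand, added here as an example and not part of the original posts: the script parses the `Xn - ...` entry lines and attaches review hints. The sample lines are copied from the logs posted in this thread; the hint rules and the names `parse`, `command_path` and `triage` are assumptions made for illustration, and a hint marks an entry for a closer look, not as malicious.

```python
import re

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 202.129.12.14:553
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKCU\..\Run: [winnt] C:\winnt.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O23 - Service: MySQL - Unknown owner - C:\easyphp\MySql\bin\mysqld.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")          # "O4 - <body>"
RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(.*?)\] (.*)$")  # "[name] command line"
EXE = re.compile(r"(.*?\.(?:exe|dll|com|bat|scr))(?:\s|$)", re.I)

def parse(log):
    """Return (section, body) for every 'Xn - ...' entry line; skip the rest."""
    return [(m.group(1), m.group(2).strip())
            for m in map(ENTRY.match, log.splitlines()) if m]

def command_path(cmd):
    """Executable path of an autorun command line, quoted or unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE.match(cmd)
    return m.group(1) if m else cmd

def triage(log):
    """Attach review hints (assumed heuristics, not verdicts) to entries."""
    findings = []
    for section, body in parse(log):
        reasons = []
        if body.endswith(("(no file)", "(file missing)")):
            reasons.append("target file not found")
        if section[0] == "R" and "ProxyServer" in body:
            reasons.append("IE proxy configured")
        run = RUN.match(body) if section == "O4" else None
        if run:
            path = command_path(run.group(2))
            if "\\" not in path:
                reasons.append("no directory in autorun path")
            elif re.fullmatch(r"[A-Za-z]:\\[^\\]+", path):
                reasons.append("autorun from drive root")
        if section == "O23" and " - Unknown owner - " in body:
            reasons.append("service listed with unknown owner")
        if reasons:
            findings.append((section, body, reasons))
    return findings

if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(section, "|", "; ".join(reasons), "|", body)
```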
     
  13. ~Biker~

    ~Biker~ Thread Starter

    Joined:
    Dec 7, 2005
    Messages:
    62
    Sorry, didn't delete WaReZ BaSe, because it's my own site's toolbar and I know I can trust it :) and I'm 100% sure it's not causing it. I think I got this when I put my uncle's camera memory in my PC, because it seemed strange that it suddenly appeared after putting that in.

    New Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 23:19:07, on 1/19/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\alg.exe
    C:\easyphp\Apache\apache.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\easyphp\MySql\bin\mysqld.exe
    C:\WINNT\system32\slserv.exe
    C:\easyphp\Apache\apache.exe
    C:\WINNT\System32\svchost.exe
    C:\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\wdfmgr.exe
    C:\WINNT\System32\ctfmon.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE
    C:\Java\jre1.5.0_05\bin\jusched.exe
    C:\Webroot\Spy Sweeper\SpySweeper.exe
    C:\eSnips\ClientGW.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\easyphp\EasyPHP.exe
    C:\MessengerPlus! 3\MsgPlus.exe
    C:\Spyware Doctor\swdoctor.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Hide IP Platinum\hideippla.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
    C:\WINNT\System32\wbem\wmiprvse.exe
    C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
    C:\YAHOO!\MESSEN~1\ymsgr_tray.exe
    C:\WINNT\System32\wuauclt.exe
    C:\WINNT\System32\wuauclt.exe
    C:\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.co.uk
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tesco internet access
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 202.129.12.14:553
    N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.bikers--forums.com/"); (C:\Documents and Settings\Jake\Application Data\Mozilla\Profiles\default\4ui3rltf.slt\prefs.js)
    N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Jake\Application Data\Mozilla\Profiles\default\4ui3rltf.slt\prefs.js)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\SPYWAR~2\tools\iesdsg.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\SPYWAR~2\tools\iesdpb.dll
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\eSnips\SnipBar.dll
    O3 - Toolbar: WaReZ_BaSe toolbar - {8c6b3330-09ef-4aed-b3fe-06754d9a73c2} - C:\Program Files\WaReZ_BaSe\tbWaRe.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\AnyDVD\ElbyCheck.exe" /L AnyDVD
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB002" /M "Stylus Photo RX620"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [AnyDVD] "C:\AnyDVD\AnyDVD.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [eSnips] "C:\eSnips\ClientGW.exe"
    O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
    O4 - HKLM\..\Run: [adiras] adiras.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [EasyPHP] "C:\easyphp\EasyPHP.exe"
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\YAHOO!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [Hide IP Platinum] C:\Hide IP Platinum\hideippla.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar6.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar6.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar6.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar6.dll/cmcache.html
    O8 - Extra context menu item: Download All by FlashGet - C:\Documents and Settings\Jake\Desktop\fg171crk\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Documents and Settings\Jake\Desktop\fg171crk\jc_link.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar6.dll/cmsimilar.html
    O8 - Extra context menu item: Snip to my eSnips account - C:\eSnips\res\SnipIt.htm
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar6.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINNT\System32\mscoree.DLL
    O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINNT\System32\mscoree.DLL
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Messenger\msmsgs.exe
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134758637968
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A747C28-B3E9-4B1F-86DB-D95FC26D4E7D}: NameServer = 80.225.252.50 80.225.252.58
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4A747C28-B3E9-4B1F-86DB-D95FC26D4E7D}: NameServer = 80.225.252.50 80.225.252.58
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache - Unknown owner - C:\easyphp\Apache\apache.exe" --ntservice (file missing)
    O23 - Service: Aluria Spyware Eliminator Service (ASEService) - Unknown owner - C:\PROGRA~1\ALURIA~1\ASE\ASEServ.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: MySQL - Unknown owner - C:\easyphp\MySql\bin\mysqld.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINNT\SYSTEM32\slserv.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Webroot\Spy Sweeper\WRSSSDK.exe


    eSnips is a toolbar from a company hosting some files for me.

    Also, I now suddenly can't sign in to Windows Live Messenger 8.0 (yes, I'm an official tester) (sorted, due to my proxy).
     
  14. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Log looks fine. How are things now?
     
  15. ~Biker~

    ~Biker~ Thread Starter

    Joined:
    Dec 7, 2005
    Messages:
    62
    Now stuck with a grey background. Tried putting my old background on but it won't put it on.
     
Short URL to this thread: https://techguy.org/435416
