1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

iknw its a virus but

Discussion in 'Windows XP' started by bluecheesey, Nov 12, 2007.

Thread Status:
Not open for further replies.
  1. bluecheesey

    bluecheesey Thread Starter

    Nov 12, 2007
    i know not a thing bout pc can u get me sum proper help please i have tried bout 20 other things even house call.
    and now how do i mail a report to you i am getting ****ed off with now its going out of my window if you lot can"t help me (not joking):confused: :mad: :confused:

    var ldimg_masthead=new Image();ldimg_masthead.src="http://us.js2.yimg.com/us.yimg.com/i/us/sch/el/ng_hdspr_uk.png";
    #at .panel .scroll-h div,
    #at .panel .scroll-v div,
    #at .tgrad,
    #atbar .l,
    #atbar .r,
    #atf-remove div,
    #glcont .ls,
    #glcont .rs,
    #ss a.ss-remove,
    #ss .bl,
    #ss .br,
    .alsotry .bulb,
    .menu-link span,
    .ylogo-bot {
    background: url(http://us.js2.yimg.com/us.yimg.com/i/us/sch/el/ng_hdspr_uk.png) no-repeat;
    _background: none;
    _filter: progid:DXImageTransform.Microsoft.AlphaImageLoader(src="http://us.js2.yimg.com/us.yimg.com/i/us/sch/el/ng_hdspr_uk.png",sizingMethod="crop");
    #atbar .c,
    #gl {background: url(http://us.js2.yimg.com/us.yimg.com/i/us/sch/el/ng_hdspr_uk.png) no-repeat;}

    #yschweb>ol {margin-left: 5px;}
    #yschweb>ol>li>div, #yschweb>ol>li>span {position: relative; left: -6px;}

    #ygunav #ygps{float:left;}#ss a.ss-remove{display:none;}#ss ul li{padding:0;border-right:0;}.alsotry{margin-top:0;font-size:14px;}.alsotry h3{font-size:14px;font-weight:normal;}.alsotry .bulb{_left:-136px;}#ft p{font-size:77%;}
    techguys - Yahoo! Search Results

    #yschhpct {clear:both;font-size:120%;border-top:1px solid #CCC;border-bottom:1px solid #CCC;text-align:center;margin-top:0;margin-bottom:9px;}
    #yschhpct p {margin:0;padding:8px;}
    .yschmsgz {font-size:120% !important;padding-left:39px;margin-left:-7px;font-weight:normal;color:black !important;}
    .yschmsgz strong, .yschmsg b {font-weight:normal;}
    .yschmsgz a strong {font-style:normal;font-weight:bold !important;}
    .yschalrtz {font-size:79% !important;padding-top:3px;padding-bottom:7px;margin-left:-37px;padding-left:37px;background:#FEFBDD url(http://us.js2.yimg.com/us.yimg.com/i/nt/ic/ut/bsc/warn16_1.gif) no-repeat 12px 4px;}
    .yschalrtz strong {font-weight:bold;}
    .yschmsgz p {margin:0px;}
    .yschmsgz ul {margin-top:1em;}
    .yschmsgz li {margin-left:2.5em;font-size:79%;}
    .yschmsgz {margin-bottom:13px;}
    #yschrel {padding-left:39px;margin-top:0px;}
    .yschalrt {margin-left:0px;padding-left:37px;font-weight:normal;color:black !important;}
    .yschmsg b {font-weight:normal;}
    .yschalrt {font-size:100% !important;padding-top:3px;padding-bottom:7px;background:#FEFBDD url(http://us.js2.yimg.com/us.yimg.com/i/nt/ic/ut/bsc/warn16_1.gif) no-repeat 12px 4px;margin-bottom:13px;}
    #yschsec h2.algntop {border-top:24px solid white;padding-top:1.2em;}
    .yschmsg {margin-bottom:0px;}
    .yschdid {color:red;}
    .yschmsg #yschqrwalrt {background-image:none;}
    #yschiy a:visited.yschttl, #yschiy .yschttl a:visited {color:#639;}
    .yschqt {clear:both;margin:2em 0 0 20px;}
    #yschpri .yschqt {clear:none;border:1px solid #999;padding:8px;width:28em;margin:0 0 17px 20px;}
    #yschres {width:auto}
    #yschpri {margin-left: 261px;}
    #yschpri .yschttl {line-height: 1.1em;}
    .yschspns ul{zoom:1;}
    #yschiy, .yschmsg, p.tip, .yschmsgz {max-width:600px; }
    .yschmsg .yschalrt{padding-right: 20px;}
    * html #ft {
    behavior:expression(function(ft) {
    try {
    runtimeStyle.behavior = 'none';
    var b = document.body, fw = function() {b.className = (b.clientWidth > 890) ? 'wide' : 'narrow';};

    b.onresize = fw;
    } catch(e) {};
    * html .wide #yschweb, * html .wide #yschasouth, * html .wide .yschmsg, * html .wide .yschmsgz {width: 600px;}
    * html .wide .yschspns, * html .wide #yschiy, * html .wide p.tip {width: 580px;}
    * html .narrow #yschweb, * html .narrow #yschasouth, * html .narrow #yschiy, * html .narrow .yschmsg, * html .narrow .yschmsgz, * html .narrow p.tip {width: auto;}
    * html .narrow .yschspns {width: 100%;}

    #yschcont {margin-left: -256px;}
    .yschiy {margin-bottom:7px;}
    #iycpn {color:#666;}
    #iycpn em {color:#088000;}#yschiy .yschpdr {color:#666;}
    #yschpdt p {line-height:1.3em;}
    .yschiyqt {margin-top: -2px; position:relative; top:3px;}
    #yschiy q {display:block;}
    #yschiy p {margin-top:.3em;margin-bottom:-.1em;}
    #yschiy address {clear:both;margin-top:0;}
    #yschanswr {margin-top:1em;margin-left:37px;margin-bottom:12px;position:relative;}
    #yschanswr p {margin:0px;}
    #yschanswr p a {font-size:120%;color:#0000FF;}
    #yschanswr img {position:absolute;margin-left:-30px;}
    #yschqcon {width:38em;}
    #yschansdd {background:url(http://us.js2.yimg.com/us.yimg.com/i/us/sch/gr/answers_tb.gif) no-repeat 0 .1em;padding:0 0 0 28px;margin:0 0 17px 9px;}
    #yschansdd .yschttl {color:#000;line-height:1.1em;}
    #yschansdd a.yschttl, #yschansdd .yschttl a {color:#0000de;line-height:1.1em;}
    #yschansdd p {margin:0;padding:0;}
    #yschansdd p a {margin:0;padding:0;}
    #yschansdd p span {color:#666;white-space:nowrap;}
    #yschansdd address {display:block;color:#088000;font-style:normal;}
    #yschansdd address a {color:#8284cc;}yschiy {margin-top:0px !important;}
    #yschiy p {margin-top:0;margin-bottom:.2em;line-height:100%;}
    #yschres {margin-top:13px;}#yschtools {border:none;font:normal 85% arial;margin-top:-5px;}
    #yschmyw b {display:none;}
    #yschans, #yschmyw {float:none;text-align:right;}
    #yschrel {padding-left:39px;}

    .yschiy {margin-bottom:7px;}
    #iymap {width: 562px;}yschtg a, #yschtg .yschon, #yschstg a, #yschstg .yschon {padding:0 .4em;}.yschiyactr {float:left;}
    .yschclr {clear:both;}
    #yschiy .yschmsc {float:left;margin-top:.2em;margin-bottom:.2em; }
    #yschiy .yschmsc ol {padding-left:27px;margin-bottom:0px;}
    .yschbbox {background:#ecf5fa;}
    .yschhd {position:static;top:1px;right:0px;text-align:right;padding-right:9px;}
    .yschbbox .yschhd a {text-decoration:none;}#yschpg {border:none;padding-bottom:13px;margin-bottom:0px;padding-top:9px;}
    #yschssbx {width:auto;clear:both;position:relative;text-align:center;padding-top:8px;padding-bottom:9px;padding-left:10px;padding-right:10px;margin-top:8px;background:#ecf5fa;border-bottom:1px solid #AEC7DE;min-width:38em;}
    #yschssbx div#yschstg, div#yschstg {width:38em;margin:0px auto;text-align:center;}
    #yschssbx div.yschoptions {background:#ecf5fa;margin-left:auto;margin-right:auto;padding-left:1em;}
    p.yschftad {margin:0px;margin-bottom:8px;padding-top:0px;padding-bottom:8px;}
    * html p.yschftad {margin:0px;}
    p.yschftad img {vertical-align:middle;margin-right:-5px;}
    #cc {display:none;}
    .yschccfeedback {clear:both;}

    #yschiy div.iynwthr {float:left;margin-right:25px;margin-top:.2em;position:relative;}
    #yschiy div.iynwthr div {position:absolute;top:0px;left:0px;height:3em;}
    #yschiy div.iynwthr p {margin-left:35px;position:relative;white-space:nowrap;}
    #yschiy address {clear:both;margin-top:0;}#yschanswr {margin-top:1em;margin-left:37px;margin-bottom:12px;position:relative;}

    #yschweb, #yschasouth {max-width:600px;}
    * html .yschspns,* html #yschssbx {zoom:1;}

    #ygunav a.advsi {font-size: 130%; *font-size:120%; font-family: arial, helvetica, clean, sans-serif; color: #0000DE; padding-left: 10px;}
    #ygunav a.advsi:visited {color:#663399;}
    #ygunav a.advsi:active {color:#FF0000;}

    #yschres .yschpplst a {display:inline;margin-left:0px;*font-size:129%;}
    #yschres .yschpplst i {position:relative;display:-moz-inline-stack;display:inline-block;width:22px;height:13px;vertical-align:text-bottom;*vertical-align:baseline;}
    #yschadvsch a {color: #8284CC;font-size: 83%;}
    #yschadvsch {height: 1.2em;vertical-align: top;position: relative;top: .15em;}
    .yschlcstr {padding:0;*padding:0 5px 0 0;margin:0 0 0 -1px;line-height:1.2em;top:0px;width:50px;white-space:nowrap;}
    .yschlcstr i {width:10px; height:10px; padding:0;margin:0 0 .1em 0;font-size:7px;display:-moz-inline-stack;display:inline-block;background:url(http://us.js2.yimg.com/us.yimg.com/i/us/sch/gr2/smallstar_vertical.gif) no-repeat 0px 0px;vertical-align:middle;*vertical-align:baseline;}
    .yschlcstr .yschlcstroff {background-position:0px -11px;}
    #yschssbx div.yschact {margin:auto;width:31em;text-align:left;}
    ::root #yschssbx div.yschact {width:30em;}

    .yschmsg .yschmsgimg, #yschiy,
    .yschasouthimg .avatarnoimg, .yschlcstr i, .yschmsgz .yschalrtz , .yschasouthttl, #yschres .yschpplst i, .yschscrt {background-image: url(http://us.js2.yimg.com/us.yimg.com/i/us/sch/gr2/sprt_srp_core_6.gif) !important;background-repeat: no-repeat;}
    .yschmsg .yschmsgimg {height: 19px;width: 27px;background-color: #FFFFFF;background-position: -53px 0px;float: left;}
    #yschiy {background-position: -12px -838px;}
    #yschpri #yschiy.yschiysumobg {background-position: -12px -833px;}
    #yschiy .yschttl, #yschiy #iynws, #yschiy cite , #yschiy address ,#yschiy #iymap, #yschiy .yschpdr, #yschiy ul{background-color: #fff;}
    #yschres .yschpplst i {background-position: -4px -55px !important;}
    .yschlcstr i {background-position: -12px -133px !important;}
    .yschlcstr .yschlcstroff {background-position: -12px -144px !important;}
    .yschalrtz {background-position: 0px -160px !important;}
    .yschasouthttl {background-position: -12px -627px !important; }
    .yschftad .yschscrt {background-position: -10px -55px;display: inline-block;display: -moz-inline-stack;*display: inline-block;height: 13px; margin-right: 5px; vertical-align: text-bottom; width: 16px;}

    var ldimg_sprite=new Image();ldimg_sprite.src="http://us.js2.yimg.com/us.yimg.com/i/us/sch/gr2/sprt_srp_core_6.gif";
    #yschalso{background-image:none !important;font-size:100% !important;}
    #yschtools strong a{font-weight:bold;}
    #yschinfo em a{color:red !important;}
    .yschspns li.yschlast{margin-bottom:3px;}
    Yahoo!   My Yahoo!   Mail    

    var y_usr_id = '';
    if (y_usr_id == ''){
    document.write('Welcome, Guest [Sign In]');}
    document.write('Welcome, '+y_usr_id+' [Sign Out, My Account]');}
      Search Home - HelpWebImagesVideoLocalShoppingmoreAnswersAudioDirectoryNewsMyWebAdvanced SearchSearch ShortcutsAll Search ServicesSearch MarketingOptionsAdvanced SearchPreferencesAbout This PageYahoo!Suggestions:Start typing to see suggestions.Showing results containing:Explore Concepts:  +Search Assist: On | OffFeedbackJoin our panelSearch In: the Web in UK in Ireland 1-10 of 29,900 for techguys (About) - 0.35 sec | SafeSearch is OFFDid you mean: tech guys WEB RESULTS

    The TechGuys - Making I.T. Simple

    The TechGuys. We're the people that know 70 million PCs crash every day, and how to get them back up and running without losing data...
    - 16k
    - Cached


    Dedicated to everything automotive, from car audio to supercharging, and featuring projects using a Mazda MX-5 Miata.
    - 8k
    - Cached

    The TechGuys - Our services

    The TechGuys. We're the people that know 70 million PCs crash every day, and how to get them back up and running without losing data...
    - 33k
    - Cached

    Technical hotline offers 'hassle-free' support | | Guardian Unlimited Business

    ... ISDN, as the firm which owns Currys today launched a service called TechGuys. ... and the online brand Dixons believes TechGuys will tap a market for increasingly ...
    - 40k
    - Cached

    www.TechGuys.ca | Projects

    TechGuys - Projects: Fiberglass subwoofer enclosure ... This project will cover the creation of a custom subwoofer enclosure for a 12" ...
    - 16k
    - Cached

    The Tech Guys at PC World - Offering wireless internet installation, computer data transfer and computer repairs.

    The Tech Guys at PC World offer a range of computer repairs, upgrades, data transfer, wireless network installation and technical ... Who are the TechGuys? ...
    - 56k
    - Cached

    Kansas City Computer Repair | :) tech guys | Computer, network and moral support | Kansas City Metro Area

    Tech Guys, Kansas City's largest and fastest growing provider of computer, network, and moral ... Tech Guys.com | Contact the Webmaster | [email protected] ...
    - 20k
    - Cached

    The TechGuys - Our Services - Home Entertainment - Get set for digital

    The TechGuys. We're the people that know 70 million PCs crash every day, and how to get them back up and running without losing data...
    - 14k
    - Cached

    PC Pro: News: TechGuys on trial

    PC World support service offers free advice - for a limited period ... PC World's repair service, TechGuys, is offering its expertise for free as part ...
    - 28k
    - Cached


    - 23k

    .yschhd {position:static;top:1px;right:0px;text-align:right;padding-right:9px;}
    .yschbbox {background:#ecf5fa;}
    .yschbbox .yschhd a {text-decoration:none;}
    .yschbbox .yschhd a {text-decoration:none;}
    .yschspns {zoom:1;max-width:600px;}
    .yschspns ul { border:1px solid #ecf5fa;padding-top:0px;padding-bottom:0px;padding-right:0px;margin-top:13px;}
    .yschspns li em {margin-right: 0px !important;}


    Find Tech Guys near You

    www.pciq.com -
    The UK's national network of local Tech Guys.

    #yschsec li {width: 220px; }
    #yschsec li a, #yschsec li div, #yschsec li em {margin-left: 9px;}
    #yschsec li a {font-size:120%;line-height:1.15em;}

    Find Tech Guys near YouThe UK's national network of local Tech Guys.www.pciq.com See your message here...

    1 2 3 4 5 6 7 8 9 10 11 Next >Yahoo!Take our User Survey

    Copyright © 2007 Yahoo! All rights reserved.
    | Updated Privacy Policy |
    of service

    if (!YAHOO) {YAHOO = {};}
    if (!YAHOO.Search) {YAHOO.Search = {};}

    var d = document, YS = YAHOO.Search;

    YS.ad_div_id = 'yschres';
    YS.goto_text = 'go to ';

    function init() {
    var ytrkSettings={'beac':'http://uk.search.yahoo.com/beacon/clickbeacon/','wait':250};
    function searchBoxOnPasteHandler() {
    var src = event.srcElement.value;
    if (src == '') {
    event.returnValue = false;
    var clipboardText = window.clipboardData.getData("Text");
    if (clipboardText) {
    var newstr = clipboardText.replace(/\r\n|\n/g," ").replace(/\s/g," ");

    function searchBoxOnBeforePasteHandler() {
    event.returnValue = false;

    function setSearchBoxes(newstr) {
    var searchBoxes = d.getElementsByName('p');
    for (var i=0; i
  2. gamerbyron


    Apr 9, 2007
    Welcome, Well, I have no idea what are you trying to do. Does your computers slows down? Are whats with the codes?
  3. bluecheesey

    bluecheesey Thread Starter

    Nov 12, 2007
    i m totally **** on pc i worked out that 1 is a trojun & other is worm ??? but i think i have made it even worse now . my computer has slowed rite down an it dosnt like i.e7 all so my task bar and start menu are upside down because im a bit ov a dunce i thin the only way it will get done MESSAGE in reply GAMERBYRON (THATS MY SONS NAME).cud u fix it from your end??????????
  4. Byteman

    Byteman Gone but Never Forgotten

    Jan 24, 2002
    Hi bluecheesey-

    I'm sorry, but the TSG site does not work with remote fixing, we can help you by using some scans, with you posting the results...

    First thing to do is this:

    Let's have you post a log from Hijackthis and maybe we can spot anything out of place:
    go to Click here to download HJTsetup.exe
    • Save HJTsetup.exe to your desktop.
    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a log file button. It will scan and then save the log and then the log will open in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Paste the log in your next reply.
    • Don't use the Analyse This button, its findings are dangerous if misinterpreted.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

    Also, please do this:
    Open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad. Copy and paste that list in a reply._ _ _ _
  5. bluecheesey

    bluecheesey Thread Starter

    Nov 12, 2007
    message in reply 2 those codes are what i pasted and copied from avan 4 virus chest i have just done another scan with house call free scan im gettin well vexd with it think i mite just throw it in the bin is there a easy to use online course i can do
  6. Byteman

    Byteman Gone but Never Forgotten

    Jan 24, 2002
    bluecheesey--- Please see my Reply.

    The code you posted means nothing, it looks like some results from a Yahoo search....

    You need to post a Hijackthis log first, my post explains how to get it posted.
  7. bluecheesey

    bluecheesey Thread Starter

    Nov 12, 2007
    mate i cant do it iknow theres a virus well its good bye pc thanx for your help byteman and gamer theres only so much i can take lads 3 days this is the 4th day ive tried system restore & thats the printer and scanner out of the flat window......message in reply?
  8. gamerbyron


    Apr 9, 2007
    What do you mean you can't do? Of course you can, as Byteman said, download Hijackthis. If you don't like to do this. How can we help you? We can't help you if you don't post Hijackthis.

    Remember, pc don't always die, enough tho you have a virus on your computer doesn't mean its dead. All around the world, most computers are infected, and they are not dead. They are always will be fixed and problem solved. Doing a system restore will not help to prevent viruses.
  9. bluecheesey

    bluecheesey Thread Starter

    Nov 12, 2007
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:05:43, on 13/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\OneStepSearch\onestep.exe
    C:\Program Files\OneStepSearch\onestep.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\RegistrySmart\RegistrySmart.exe
    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\My Download Files\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.ask.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=22028
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [RegistrySmart] C:\Program Files\RegistrySmart\RegistrySmart.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe

    End of file - 6681 bytes
  10. bluecheesey

    bluecheesey Thread Starter

    Nov 12, 2007
    is that it?
  11. Byteman

    Byteman Gone but Never Forgotten

    Jan 24, 2002
    Yes, you did great, hang on while I check it
  12. gamerbyron


    Apr 9, 2007
    Yep, You did great too. I'm glad we can help you(y) :)
  13. bluecheesey

    bluecheesey Thread Starter

    Nov 12, 2007
    whats next then people?
  14. Byteman

    Byteman Gone but Never Forgotten

    Jan 24, 2002

    One Step Search is adware> if you find it something you want to get rid of, please do this:

    From your Control Panel, select Add/Remove Programs.
    Locate OneStep Search and highlight.
    Click on the Remove button.

    Next, post a new Hijackthis log please.

    Was OneStep what was found as a "Trojan" or something by another scan you did?
  15. bluecheesey

    bluecheesey Thread Starter

    Nov 12, 2007
    can any of you rather calm & pleasant fellas let me know of a remote access site??????????
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/651119

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice