gremlin ?
My PC Hell Forum
Author Topic: gremlin ?  (Read 6686 times)
Strum
Royal Advisor
*****
Posts: 1791


Gabba Gabba Hey!


View Profile WWW
« on: November 14, 2005, 08:46:43 PM »

I found this in my running processes "TSAdBot.exe" I was reading about it but am still unsure if it's a legitimate process or a spyware thing? Should I try to get rid of it? Apparently it slows connection speed, and earlier none of my music files would open "being used by another program" error but no other programs open. I also had hassle with emails sending but actually staying in the outbox after sending. Is it this program above messing me about? None of my spyware anti virus stuff picked it up?
As always anticipating your collective wisdom!



Strum
Logged

  This is my shadows shadow...
windowsxp550
Administrator
******
Posts: 932



View Profile WWW
« Reply #1 on: November 14, 2005, 09:10:37 PM »

Strum,

Here is what I found out about tsadbot

------------------------------------------
Process File: tsadbot or tsadbot.exe
Process Name: Tsadbot
 
Description:
tsadbot.exe is the executable for an adware application that is known to reduce the performance of your Internet connection. This process should be removed to ensure your personal privacy.

-----------------------------------------
How to remove tsadbot:

-----------------------------------------
TSAdBot Removal Instructions

Before you can delete files, you must first stop all the TSAdBot processes that are running in memory.
Do this by ending all processes from the Task Manager.

Press CTRL+ALT+DELETE to open the Windows Task Manager. If you see multiple "tabs," click on the "Processes" tab. For each process that you would like to kill, find the process name in the list, click it to select it, and click the "End Process" button.

Delete registry values Instructions:
Open the Windows Registry Editor by clicking on the Windows "Start" button, clicking "Run," and typing "regedit" into the box in the Window that appears. Click "OK".

Once the Registry Editor is open, navigate through the registry tree to the
location of the key that you wish to delete. When you find the key or
value to be deleted, click on it to highlight it and press the "DELETE" key.

Delete Registry Values:
TimeSink


Unregister DLL Instructions:
To un-register a DLL file, first locate the file on your hard drive. Open a command prompt window by clicking on the Windows "Start" button, clicking "Run," and typing "cmd" into the box in the Window that appears. Click "OK."

Next type "regsvr32 /u " and press the "ENTER" key. For example, to un-register a file called "myDll.dll" which is located in the "C:\windows\system32" folder, you would type
"regsvr32 /u C:\windows\system32\myDll.dll" and press the "ENTER" key.


Delete File Entries:
vcpdll.dll
flexactv.dll
TimeSink Ad Client

--------------------------------------------

Hope that helps
 
Logged

Strum
« Reply #2 on: November 15, 2005, 08:49:42 AM »


Jason, all I found by searching was vcpdll.dll and deleted it. As far as the registry goes I wouldn't even know where to start looking..
Cheers

Strum
Logged

Cache
Rising Star
***
Posts: 380



View Profile
« Reply #3 on: November 15, 2005, 11:26:10 AM »

Post a HijackThis log if you like Strum.
Logged
Strum
« Reply #4 on: November 15, 2005, 12:14:07 PM »

Quote from: Cache
Post a HijackThis log if you like Strum.

thanks Cache, hjt log on the way. Cheers for that!

Strum
Logged

Strum
« Reply #5 on: November 15, 2005, 12:16:18 PM »

here you go...

Logfile of HijackThis v1.99.1
Scan saved at 17:14:31, on 15/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\twain_32\mydsc\pccam.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Documents and Settings\dec\Desktop\Security\hilack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = smtp.irishbroadband.net
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ReadFile Class - {811ABD55-9D94-4892-AB46-11D7DA29B8AE} - blank (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [DeskMateAutoUpdate] C:\PROGRA~1\DESKMA~1\DeskMateAutoUpdate.exe
O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Program Files\TimeSink\AdGateway\TSAdBot.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Startup: Fantasy DeskMate.LNK = C:\Program Files\DeskMates\Fantasy\Fantasy.exe
O4 - Startup: VirtuaGirl2.lnk = C:\Program Files\Vg\VirtuaGirl2.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccess/ie/bridge-c8.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskUpdate/isapi/activex.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\system\intralaunch.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B7E76C25-791F-432E-BDB7-748D01A93FC2} (VacPro.int_ver30) - http://advnt01.com/dialer/int_ver30.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - http://www.ie-cards.com/flashplayer.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A727011-AD0A-41F8-925D-4F9743EFF410}: NameServer = 62.231.32.10,62.231.32.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F0C23B0-9023-4D5B-917C-1E7B59A9D1C4}: NameServer = 62.231.32.10,62.231.32.11
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Cheers, Strum
Logged

Cache
« Reply #6 on: November 15, 2005, 01:14:07 PM »

Print out or copy this page to Notepad.  Make sure to work through the fixes in the exact order it is mentioned below.  If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.  You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list).  In some systems, this may be the F5 key, so try that if F8 doesn't work.  Make sure to close any open browsers.  Go into HijackThis->Config->Misc. Tools->Open process manager.  Select the following and click 'Kill process' for each one if they are still listed (they shouldn't be - but double check):

whSurvey.exe
DeskMateAutoUpdate.exe
TSAdBot.exe
Fantasy.exe


Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

TimeSink
webHancer
DeskMates


Run a scan in HijackThis.  Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R3 - Default URLSearchHook is missing
O2 - BHO: ReadFile Class - {811ABD55-9D94-4892-AB46-11D7DA29B8AE} - blank (file missing)
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [DeskMateAutoUpdate] C:\PROGRA~1\DESKMA~1\DeskMateAutoUpdate.exe
O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Program Files\TimeSink\AdGateway\TSAdBot.exe"
O4 - Startup: Fantasy DeskMate.LNK = C:\Program Files\DeskMates\Fantasy\Fantasy.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccess/ie/bridge-c8.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\system\intralaunch.CAB




Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\Program Files\webHancer\
C:\Program Files\TimeSink\
C:\Program Files\DeskMates\
tsad.dll
FlexActv.dll
vcpdll.dll
Addon2VB.dll


Open Notepad and copy/paste the following (including "Windows Registry Editor Version 5.00"):

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\Software\TimeSink]
[-HKEY_CURRENT_USER\Software\TimeSink]


Save it with these properties:
file name: nosink.reg
Save as type: All files
Encoding: ANSI

Now double-click on the file you just made and merge it with your registry.

Go to Start-->Run and type "regedit" (without the quotes) then press enter. Navigate to:

HKEY_CURRENT_USER/Software/Microsoft/CurrentVersion/Run

Delete all keys relating to:

Conducent
TSADBOT

Next navigate to:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Shareddlls

Delete all keys relating to:
FlexAct
tsad.dll
vcpdll.dll
tsadbot.exe
Addon2VB.dll

Reboot into normal mode and post a fresh HJT log.
Logged
Squeezebox
Administrator
******
Posts: 2756



View Profile
« Reply #7 on: November 15, 2005, 01:15:49 PM »

You've got one or two dodgy bits in there Strum, one is Webhancer. Instructions to get rid of it here:

http://www.bleepingcomputer.com/forums/How_to_remove_Webhancer-t3133.html  

Back later with more, but you could also have HJT remove this entry to get rid of that trojan:

O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Program Files\TimeSink\AdGateway\TSAdBot.exe"

I would suspect the Deskmates thing that you have downloaded as carrying the nasties - you might like to consider getting rid of it.

Dave
Logged

Squeezebox
« Reply #8 on: November 15, 2005, 01:17:12 PM »

I see that Cache was on the case at the same time. Maybe I'll just watch now.
Logged

Strum
« Reply #9 on: November 15, 2005, 01:35:48 PM »

Quote from: Squeezebox
You've got one or two dodgy bits in there Strum, one is Webhancer. Instructions to get rid of it here:

http://www.bleepingcomputer.com/forums/How_to_remove_Webhancer-t3133.html  

Back later with more, but you could also have HJT remove this entry to get rid of that trojan:

O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Program Files\TimeSink\AdGateway\TSAdBot.exe"

I would suspect the Deskmates thing that you have downloaded as carrying the nasties - you might like to consider getting rid of it.

Dave


Think you're dead right about the deskmates. Anyway they WERE cute!

Strumthanks
Logged

Strum
« Reply #10 on: November 15, 2005, 01:37:35 PM »

Quote from: Squeezebox
I see that Cache was on the case at the same time. Maybe I'll just watch now.


yep, I'm going to go through Cache's instructions and let you know...

Cheers


 
Logged

Strum
« Reply #11 on: November 15, 2005, 02:29:49 PM »

did all of that to the letter Cache. Two files didn't turn up in search but no matter I hope.

Deskmates are all gone now  

Here's the latest log..

Logfile of HijackThis v1.99.1
Scan saved at 19:19:29, on 15/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\dec\Desktop\Security\hilack this\HijackThis.exe
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = smtp.irishbroadband.net
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskUpdate/isapi/activex.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B7E76C25-791F-432E-BDB7-748D01A93FC2} (VacPro.int_ver30) - http://advnt01.com/dialer/int_ver30.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - http://www.ie-cards.com/flashplayer.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A727011-AD0A-41F8-925D-4F9743EFF410}: NameServer = 62.231.32.10,62.231.32.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F0C23B0-9023-4D5B-917C-1E7B59A9D1C4}: NameServer = 62.231.32.10,62.231.32.11
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks a lot people always with the unselfishness of your time.



Strum
Logged

Strum
« Reply #12 on: November 15, 2005, 02:40:03 PM »

Are these entries necessary? 'Cause they don't seem to even link to anything relevant?


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
Logged

Cache
« Reply #13 on: November 15, 2005, 02:40:35 PM »

Your log is clean now Strum.
If you could just follow these last few instructions please.

Download and install CCleaner and let it delete any crap it finds:
http://www.filehippo.com/download_ccleaner/

Turn off System Restore then turn it back on again:
Right-click My Computer-->Properties-->click on the "System Restore" tab and place a check in the box for "Turn off System Restore"-->Apply-->yes. Then uncheck the box for "Turn off System Restore" and select Apply to turn it back on again.
Logged
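
An added example, not part of the thread and not code from HijackThis: one way to check a fresh HijackThis log against the "Fix checked" list from Reply #6 and to diff two scans. The sample lines are excerpts copied from the logs in this thread, except AFTER_PARTIAL, which is constructed to show a missed entry; the function names are hypothetical.

```python
import re

# Entry lines look like "<section> - <body>", e.g. "O4 - HKLM\..\Run: [Name] cmd".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$", re.IGNORECASE)


def parse_entries(log_text):
    """Map a normalised key to the original line for each entry in a log."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        # Forum copy/paste can change case and spacing, so compare loosely.
        key = (section.upper(), " ".join(body.split()).casefold())
        entries[key] = line.strip()
    return entries


def still_present(fix_list_text, fresh_log_text):
    """Entries from the fix list that the fresh log still contains."""
    wanted = parse_entries(fix_list_text)
    fresh = parse_entries(fresh_log_text)
    return [line for key, line in wanted.items() if key in fresh]


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lines between two scans."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    removed = [before[k] for k in before if k not in after]
    added = [after[k] for k in after if k not in before]
    return removed, added


# Excerpt of the "Fix checked" list from Reply #6.
FIX_LIST = r"""
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [DeskMateAutoUpdate] C:\PROGRA~1\DESKMA~1\DeskMateAutoUpdate.exe
O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Program Files\TimeSink\AdGateway\TSAdBot.exe"
"""

# Excerpt of the first scan: the entries above plus two that were left alone.
BEFORE = FIX_LIST + r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Excerpt of the second scan, including non-entry lines the parser must skip.
AFTER_CLEAN = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed: the same scan with one fix-list entry surviving, pasted with
# different case and spacing to exercise the normalisation.
AFTER_PARTIAL = AFTER_CLEAN + r"""
o4 - hklm\..\run:  [TimeSink Ad Client]   "C:\Program Files\TimeSink\AdGateway\TSAdBot.exe"
"""

if __name__ == "__main__":
    for name, log in (("clean", AFTER_CLEAN), ("partial", AFTER_PARTIAL)):
        left = still_present(FIX_LIST, log)
        print(name, "->", "all fixed" if not left else left)
    removed, added = diff_logs(BEFORE, AFTER_CLEAN)
    print("removed:", len(removed), "added:", len(added))
```

Entries reported as added between two scans deserve a look as well, since they were not there when the fix list was written.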
Cache
« Reply #14 on: November 15, 2005, 02:42:21 PM »

Quote from: Strum
Are these entries necessary? 'Cause they don't seem to even link to anything relevant?

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR


Are they not what you have set as your home page?
Logged