MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: Unable to download IE 6
December 08, 2019, 07:14:33 PM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
December 08, 2019, 07:14:33 PM

Login with username, password and session length
 Featured Sites:
News
New  New Poll on our main page!
"My experience with Vista..."
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: Unable to download IE 6  (Read 1754 times)
jerry814
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 9


Bookmark and Share

View Profile
« on: February 28, 2008, 04:05:56 PM »

I waas directed from another forum to post  this here and see if anyone could help me

I am running Windows ME and I have avast virus and outpost firewall and just yesterday a-squared security I have gotten a virus in the past and for some reason it removed IE 6 along with Restore System and some of my games I had downloaded. I think I have cleaned up the virus but I am unable to reinstall or download IE6 and I can not find Restore System. My computer still freezzes up and does all sort of crazy things at times and runs slow Maybe I have a virus or trojan that I am not finding with my protection. Any help would be appericated Oh yes it says in the add remove program that I have Internet Explorer Q891781 and it will not let me remove it what is that This is how I found your site trying to find out what it was

Can you access Windows Updates from your startup menu?

Thanks for replying but No I can't

Search for a file in your Windows folder, file called hosts
There's no extension on the file, just the name straight up.
Open the file with Notepad and then post the contents of the file here.

ok here it is

127.0.0.1 localhost #***Inserted By STOPzilla***

127.0.0.1 2005-search.com # ***Inserted By STOPzilla***
127.0.0.1 600pics.com # ***Inserted By STOPzilla***
127.0.0.1 a1.interclick.com # ***Inserted By STOPzilla***
127.0.0.1 absolutepics.net # ***Inserted By STOPzilla***
127.0.0.1 ad.yieldmanager.com # ***Inserted By STOPzilla***
127.0.0.1 all-tgp.org # ***Inserted By STOPzilla***
127.0.0.1 all-websearch.com # ***Inserted By STOPzilla***
127.0.0.1 apps.deskwizz.com # ***Inserted By STOPzilla***
127.0.0.1 awmdabest.com # ***Inserted By STOPzilla***
127.0.0.1 b.casalemedia.com # ***Inserted By STOPzilla***
127.0.0.1 bailefunk.com # ***Inserted By STOPzilla***
127.0.0.1 best4all.net # ***Inserted By STOPzilla***
127.0.0.1 besthardcore.net # ***Inserted By STOPzilla***
127.0.0.1 bn.i-ru.net # ***Inserted By STOPzilla***
127.0.0.1 bundleware.com # ***Inserted By STOPzilla***
127.0.0.1 campaigns.interclick.com # ***Inserted By STOPzilla***
127.0.0.1 code.jcash.biz # ***Inserted By STOPzilla***
127.0.0.1 content.dollarrevenue.com # ***Inserted By STOPzilla***
127.0.0.1 content.exetraffic.com # ***Inserted By STOPzilla***
127.0.0.1 coolwebsearch.com # ***Inserted By STOPzilla***
127.0.0.1 cumhereteens.com # ***Inserted By STOPzilla***
127.0.0.1 dedmazai.com # ***Inserted By STOPzilla***
127.0.0.1 download.abetterinternet.com # ***Inserted By STOPzilla***
127.0.0.1 faccesborrate.com # ***Inserted By STOPzilla***
127.0.0.1 flavinha.com # ***Inserted By STOPzilla***
127.0.0.1 fullbizzone.com # ***Inserted By STOPzilla***
127.0.0.1 game4all.biz # ***Inserted By STOPzilla***
127.0.0.1 granjerascachondas.com # ***Inserted By STOPzilla***
127.0.0.1 heretofind.com # ***Inserted By STOPzilla***
127.0.0.1 hqthumbz.com # ***Inserted By STOPzilla***
127.0.0.1 it.online-more.com # ***Inserted By STOPzilla***
127.0.0.1 lust-mature.com # ***Inserted By STOPzilla***
127.0.0.1 mikos.paraisoasiatico.com # ***Inserted By STOPzilla***
127.0.0.1 more-pages.com # ***Inserted By STOPzilla***
127.0.0.1 msmn.com # ***Inserted By STOPzilla***
127.0.0.1 musah.info # ***Inserted By STOPzilla***
127.0.0.1 newsh.com # ***Inserted By STOPzilla***
127.0.0.1 nude-teen-bodies.com # ***Inserted By STOPzilla***
127.0.0.1 onlyhotlinks.com # ***Inserted By STOPzilla***
127.0.0.1 on-search.com # ***Inserted By STOPzilla***
127.0.0.1 picshunter.us # ***Inserted By STOPzilla***
127.0.0.1 picslab.com # ***Inserted By STOPzilla***
127.0.0.1 redirect.msupdate.net # ***Inserted By STOPzilla***
127.0.0.1 rogalik.net # ***Inserted By STOPzilla***
127.0.0.1 search4www.com # ***Inserted By STOPzilla***
127.0.0.1 searchforit.com # ***Inserted By STOPzilla***
127.0.0.1 searchx.cc # ***Inserted By STOPzilla***
127.0.0.1 s*x-pics.biz # ***Inserted By STOPzilla***
127.0.0.1 sp2admin.biz # ***Inserted By STOPzilla***
127.0.0.1 surubanet.com # ***Inserted By STOPzilla***
127.0.0.1 teen-biz.com # ***Inserted By STOPzilla***
127.0.0.1 teen-fantazi.com # ***Inserted By STOPzilla***
127.0.0.1 teenygirlshome.com # ***Inserted By STOPzilla***
127.0.0.1 traffbest.biz # ***Inserted By STOPzilla***
127.0.0.1 traffbucks.biz # ***Inserted By STOPzilla***
127.0.0.1 traffmoney.biz # ***Inserted By STOPzilla***
127.0.0.1 ukstories.net # ***Inserted By STOPzilla***
127.0.0.1 ultra-search.biz # ***Inserted By STOPzilla***
127.0.0.1 vivis*xy.com # ***Inserted By STOPzilla***
127.0.0.1 wearehosters.com # ***Inserted By STOPzilla***
127.0.0.1 www.0websearch.com <http://www.0websearch.com> # ***Inserted By STOPzilla***
127.0.0.1 www.600pics.com <http://www.600pics.com> # ***Inserted By STOPzilla***
127.0.0.1 www.all-tgp.org <http://www.all-tgp.org> # ***Inserted By STOPzilla***
127.0.0.1 www.all-websearch.com <http://www.all-websearch.com> # ***Inserted By STOPzilla***
127.0.0.1 www.bailefunk.com <http://www.bailefunk.com> # ***Inserted By STOPzilla***
127.0.0.1 www.best4all.net <http://www.best4all.net> # ***Inserted By STOPzilla***
127.0.0.1 www.besthardcore.net <http://www.besthardcore.net> # ***Inserted By STOPzilla***
127.0.0.1 www.bundleware.com <http://www.bundleware.com> # ***Inserted By STOPzilla***
127.0.0.1 www.coolwebsearch.com <http://www.coolwebsearch.com> # ***Inserted By STOPzilla***
127.0.0.1 www.dedmazai.com <http://www.dedmazai.com> # ***Inserted By STOPzilla***
127.0.0.1 www.flavinha.com <http://www.flavinha.com> # ***Inserted By STOPzilla***
127.0.0.1 www.granjerascachondas.com <http://www.granjerascachondas.com> # ***Inserted By STOPzilla***
127.0.0.1 www.heretofind.com <http://www.heretofind.com> # ***Inserted By STOPzilla***
127.0.0.1 www.hqthumbz.com <http://www.hqthumbz.com> # ***Inserted By STOPzilla***
127.0.0.1 www.lust-mature.com <http://www.lust-mature.com> # ***Inserted By STOPzilla***
127.0.0.1 www.mikos.paraisoasiatico.com <http://www.mikos.paraisoasiatico.com> # ***Inserted By STOPzilla***
127.0.0.1 www.more-pages.com <http://www.more-pages.com> # ***Inserted By STOPzilla***
127.0.0.1 www.msmn.com <http://www.msmn.com> # ***Inserted By STOPzilla***
127.0.0.1 www.newsh.com <http://www.newsh.com> # ***Inserted By STOPzilla***
127.0.0.1 www.nude-teens-bodies.com <http://www.nude-teens-bodies.com> # ***Inserted By STOPzilla***
127.0.0.1 www.onlyhotlinks.com <http://www.onlyhotlinks.com> # ***Inserted By STOPzilla***
127.0.0.1 www.on-search.com <http://www.on-search.com> # ***Inserted By STOPzilla***
127.0.0.1 www.picshunter.us <http://www.picshunter.us> # ***Inserted By STOPzilla***
127.0.0.1 www.picslab.com <http://www.picslab.com> # ***Inserted By STOPzilla***
127.0.0.1 www.procounter.biz <http://www.procounter.biz> # ***Inserted By STOPzilla***
127.0.0.1 www.search4www.com <http://www.search4www.com> # ***Inserted By STOPzilla***
127.0.0.1 www.searchforit.com <http://www.searchforit.com> # ***Inserted By STOPzilla***
127.0.0.1 www.searchx.cc <http://www.searchx.cc> # ***Inserted By STOPzilla***
127.0.0.1 www.s*x-pics.biz # ***Inserted By STOPzilla***
127.0.0.1 www.sp2admin.biz <http://www.sp2admin.biz> # ***Inserted By STOPzilla***
127.0.0.1 www.surubanet.com <http://www.surubanet.com> # ***Inserted By STOPzilla***
127.0.0.1 www.teen-biz.com <http://www.teen-biz.com> # ***Inserted By STOPzilla***
127.0.0.1 www.teen-fantazi.com <http://www.teen-fantazi.com> # ***Inserted By STOPzilla***
127.0.0.1 www.teenygirlshome.com <http://www.teenygirlshome.com> # ***Inserted By STOPzilla***
127.0.0.1 www.traff4ppc.biz <http://www.traff4ppc.biz> # ***Inserted By STOPzilla***
127.0.0.1 www.vivis <http://www.vivis>*xy.com # ***Inserted By STOPzilla***
127.0.0.1 www.wearehosters.com <http://www.wearehosters.com> # ***Inserted By STOPzilla***
127.0.0.1 www.ysbweb.com <http://www.ysbweb.com> # ***Inserted By STOPzilla***
127.0.0.1 www.zgallery.us <http://www.zgallery.us> # ***Inserted By STOPzilla***
127.0.0.1 www.zonebest.com <http://www.zonebest.com> # ***Inserted By STOPzilla***
127.0.0.1 yhvoo.eseconsult.info # ***Inserted By STOPzilla***
127.0.0.1 ysbweb.com # ***Inserted By STOPzilla***
127.0.0.1 zgallery.us # ***Inserted By STOPzilla***
127.0.0.1 zonebest.com # ***Inserted By STOPzilla***

Looks like you've got a decent enough setup there. The hosts file is looking very impressive, to be honest.

Now the next thing to do is to go over to the Security and Viruses forum, and see if Pancake can help you spot any potential troublemakers on your system. Once that's finished, come back here and we'll keep searching for a way to solve your IE problem.

Personally I'd stop using it and start using Firefox instead, but each to his own, as they say.

Good luck
Logged
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #1 on: February 28, 2008, 11:53:51 PM »

Please download HijackThis to your desktop.. http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

Alternate link
http://download.bleepingcomputer.com/hijackthis/HJTInstall.exe

This program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.
Logged

An Australian Member of

EDDY
jerry814
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 9


Bookmark and Share

View Profile
« Reply #2 on: February 29, 2008, 05:16:52 PM »

Ok hope this helps  did not remove anything will if I need too when I hear back from you  THANKS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:53 PM, on 2/29/2008
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAM FILES\TV VIEWER\TVWAKEUP.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\TV VIEWER\ANNCLIST.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\USBICON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\TFMNBOD.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
F1 - win.ini: run=hpfsched
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {B9383572-20AA-40AC-9882-EA7C952C3462} - C:\Program Files\NetMeeting\bufume89104.dll (file missing)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [MCI USB Icon] C:\WINDOWS\SYSTEM\USBIcon.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\AGNITUM\OUTPOS~1.0\OUTPOST.EXE /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [TVWakeup] C:\Progra~1\TVView~1\tvwakeup.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [VidSvr] 
O4 - HKLM\..\RunServices: [Announcements] C:\Program Files\TV Viewer\annclist.exe
O4 - HKLM\..\RunServices: [Outpost Firewall] C:\PROGRA~1\AGNITUM\OUTPOS~1.0\OUTPOST.EXE /service
O4 - HKCU\..\Run: [oqingmikn] c:\windows\system\oqingmikn.exe
O4 - HKCU\..\Run: [uzwmlbp] c:\windows\system\uzwmlbp.exe
O4 - HKCU\..\Run: [bzwzzv] c:\windows\system\bzwzzv.exe
O4 - HKCU\..\Run: [yikqdknp] c:\windows\system\yikqdknp.exe
O4 - HKCU\..\Run: [novbtjwxc] c:\windows\system\novbtjwxc.exe
O4 - HKCU\..\Run: [rtvxejla] c:\windows\system\rtvxejla.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - HKCU\..\Run: [PC SpeedScan Pro] C:\PROGRAM FILES\ASCENTIVE\PC SPEEDSCAN PRO\PCSPEEDSCAN.exe -m
O4 - HKCU\..\Run: [pwenuzi] c:\windows\system\pwenuzi.exe
O4 - HKCU\..\Run: [wbgppn] c:\windows\system\wbgppn.exe
O4 - HKCU\..\Run: [pmtcffulb] c:\windows\system\pmtcffulb.exe
O4 - HKCU\..\Run: [iarqogqzw] c:\windows\system\iarqogqzw.exe
O4 - HKCU\..\Run: [rrispj] c:\windows\system\rrispj.exe
O4 - HKCU\..\Run: [eclnmgasqp] c:\windows\system\eclnmgasqp.exe
O4 - HKCU\..\Run: [xxdnkmz] c:\windows\system\xxdnkmz.exe
O4 - HKCU\..\Run: [obmoxkj] c:\windows\system\obmoxkj.exe
O4 - HKCU\..\Run: [sakcls] c:\windows\system\sakcls.exe
O4 - HKCU\..\Run: [svptcka] c:\windows\system\svptcka.exe
O4 - HKCU\..\Run: [dpvhmt] c:\windows\system\dpvhmt.exe
O4 - HKCU\..\Run: [iavxjegb] c:\windows\system\iavxjegb.exe
O4 - HKCU\..\Run: [kccymk] c:\windows\system\kccymk.exe
O4 - HKCU\..\Run: [tfmnbod] c:\windows\system\tfmnbod.exe
O4 - HKUS\.DEFAULT\..\Run: [oqingmikn] c:\windows\system\oqingmikn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [uzwmlbp] c:\windows\system\uzwmlbp.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [bzwzzv] c:\windows\system\bzwzzv.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [yikqdknp] c:\windows\system\yikqdknp.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [novbtjwxc] c:\windows\system\novbtjwxc.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [rtvxejla] c:\windows\system\rtvxejla.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [PC SpeedScan Pro] C:\PROGRAM FILES\ASCENTIVE\PC SPEEDSCAN PRO\PCSPEEDSCAN.exe -m (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [pwenuzi] c:\windows\system\pwenuzi.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [wbgppn] c:\windows\system\wbgppn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [pmtcffulb] c:\windows\system\pmtcffulb.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [iarqogqzw] c:\windows\system\iarqogqzw.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [rrispj] c:\windows\system\rrispj.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [eclnmgasqp] c:\windows\system\eclnmgasqp.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [xxdnkmz] c:\windows\system\xxdnkmz.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [obmoxkj] c:\windows\system\obmoxkj.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [sakcls] c:\windows\system\sakcls.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [svptcka] c:\windows\system\svptcka.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [dpvhmt] c:\windows\system\dpvhmt.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [iavxjegb] c:\windows\system\iavxjegb.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [kccymk] c:\windows\system\kccymk.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [tfmnbod] c:\windows\system\tfmnbod.exe (User 'Default user')
O4 - .DEFAULT Startup: Event Reminder.lnk = C:\PMG4\PMREMIND.EXE (User 'Default user')
O4 - Startup: Event Reminder.lnk = C:\PMG4\PMREMIND.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUFOX000
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\PLUGINS\BROWSERBAR\IE_BAR.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.6.0_03\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.6.0_03\BIN\SSV.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.gamehouse.com/games/gamehouse/ghplayer.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse.com/games/chuzzle/popcaploader.cab
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://www.gamehouse.com/games/JBGamePlayer.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse.com/games/zylom/zylomplayer.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://www.arcadetown.com/swf/mahjongescape/PTGameLauncher.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125B84} (CR64Loader Object) - http://www.arcadetown.com/swf/waterbugs/r64loader.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.arcadetown.com/swf/tumblebugs/axhost.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://games.bigfishgames.com/en_burger-shop/online/GoBitGamesPlayer_v4.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://www.gamehouse.com/realarcade-webgames/bewitched/launcher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.tikgames.com/real/games/goldfever/goldfever.cab
O20 - AppInit_DLLs:  C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\wl_hook.dll

--
End of file - 10785 bytes
Logged
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #3 on: February 29, 2008, 10:19:43 PM »

Hi...

Please download The Avenger to your Desktop and unzip it.

Copy all the text contained in the code box below ( including the words "files to delete" ) by highlighting it and right clicking and selecting "Copy"


Quote
Files to delete:
c:\windows\system\oqingmikn.exe
 c:\windows\system\uzwmlbp.exe
c:\windows\system\bzwzzv.exe
 c:\windows\system\yikqdknp.exe
 c:\windows\system\novbtjwxc.exe
 c:\windows\system\rtvxejla.exe
 c:\windows\system\pwenuzi.exe
 c:\windows\system\wbgppn.exe
 c:\windows\system\pmtcffulb.exe
 c:\windows\system\iarqogqzw.exe
 c:\windows\system\rrispj.exe
 c:\windows\system\eclnmgasqp.exe
 c:\windows\system\xxdnkmz.exe
 c:\windows\system\obmoxkj.exe
 c:\windows\system\sakcls.exe
 c:\windows\system\svptcka.exe
c:\windows\system\dpvhmt.exe
 c:\windows\system\iavxjegb.exe
 c:\windows\system\kccymk.exe
 c:\windows\system\tfmnbod.exe
c:\windows\system\oqingmikn.exe
c:\windows\system\uzwmlbp.exe
 c:\windows\system\bzwzzv.exe
 c:\windows\system\yikqdknp.exe
c:\windows\system\novbtjwxc.exe
c:\windows\system\rtvxejla.exe
c:\windows\system\pwenuzi.exe
 c:\windows\system\wbgppn.exe
 c:\windows\system\pmtcffulb.exe
 c:\windows\system\iarqogqzw.exe
 c:\windows\system\rrispj.exe
 c:\windows\system\eclnmgasqp.exe
 c:\windows\system\xxdnkmz.exe
 c:\windows\system\obmoxkj.exe
 c:\windows\system\sakcls.exe
 c:\windows\system\svptcka.exe
 c:\windows\system\dpvhmt.exe
 c:\windows\system\iavxjegb.exe
c:\windows\system\kccymk.exe
 c:\windows\system\tfmnbod.exe



Now, start The Avenger program by clicking on its icon on your desktop. Look under "Script file to execute" and click on "Input Script Manually". Next click on the Magnifying Glass icon and a blank dialogue box will open called "View/Edit script". Position your mouse inside the box, rightclick and choose Paste. All the text above in the code box should now appear there. Click Done and click on the Green Light to begin execution of the script. Answer "Yes" twice when prompted.

The Avenger will restart your computer. (if the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)

When you have rebooted, a black command window briefly opens on your desktop, this is normal. A logfile will be created that records all actions that The Avenger performed. This log file is saved to C:\avenger.txt. The deleted files will be backed up and saved to C:\avenger\backup.zip.

Once your computer has rebooted, please post back the contents of C:\avenger.txt, a new Hijack This log.

========================================

 Please download  Deckard's System Scanner  (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt to here.
Please attach or copy and paste extra.txt to your post.
« Last Edit: February 29, 2008, 10:23:16 PM by Pancake » Logged

An Australian Member of

EDDY
jerry814
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 9


Bookmark and Share

View Profile
« Reply #4 on: March 02, 2008, 03:26:06 AM »

I tried to dowmload avenger but this is the message I got     "C:\WINDOWS\TemporaryInternetFiles\Content.IE5\852Vo1UF\avenger(1).zip"       Windows cannot access the specified device, path, or file.  You may not have the appropriate permission tp acess the ite.  ok

Sorry to be a problem but I need help if possible You will probley have to walk me thru most of this
--------------------------------------------------------------------------------
 



     Re: Unable to download IE 6
Logged
jerry814
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 9


Bookmark and Share

View Profile
« Reply #5 on: March 02, 2008, 03:28:44 AM »

Sorry should have also told you unable to download Deckard's System Scanner (DSS)   all I get is a page that says unable to load page
Logged
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #6 on: March 02, 2008, 04:20:20 AM »




Please download the OTMoveIt by OldTimer

 Save it to your desktop.

 Please double-click OTMoveIt.exe to run it

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


c:\windows\system\oqingmikn.exe
 c:\windows\system\uzwmlbp.exe
c:\windows\system\bzwzzv.exe
 c:\windows\system\yikqdknp.exe
 c:\windows\system\novbtjwxc.exe
 c:\windows\system\rtvxejla.exe
 c:\windows\system\pwenuzi.exe
 c:\windows\system\wbgppn.exe
 c:\windows\system\pmtcffulb.exe
 c:\windows\system\iarqogqzw.exe
 c:\windows\system\rrispj.exe
 c:\windows\system\eclnmgasqp.exe
 c:\windows\system\xxdnkmz.exe
 c:\windows\system\obmoxkj.exe
 c:\windows\system\sakcls.exe
 c:\windows\system\svptcka.exe
c:\windows\system\dpvhmt.exe
 c:\windows\system\iavxjegb.exe
 c:\windows\system\kccymk.exe
 c:\windows\system\tfmnbod.exe
c:\windows\system\oqingmikn.exe
c:\windows\system\uzwmlbp.exe
 c:\windows\system\bzwzzv.exe
 c:\windows\system\yikqdknp.exe
c:\windows\system\novbtjwxc.exe
c:\windows\system\rtvxejla.exe
c:\windows\system\pwenuzi.exe
 c:\windows\system\wbgppn.exe
 c:\windows\system\pmtcffulb.exe
 c:\windows\system\iarqogqzw.exe
 c:\windows\system\rrispj.exe
 c:\windows\system\eclnmgasqp.exe
 c:\windows\system\xxdnkmz.exe
 c:\windows\system\obmoxkj.exe
 c:\windows\system\sakcls.exe
 c:\windows\system\svptcka.exe
 c:\windows\system\dpvhmt.exe
 c:\windows\system\iavxjegb.exe
c:\windows\system\kccymk.exe
 c:\windows\system\tfmnbod.exe




 Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.

Click the red Moveit! button.

Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Post a new HJT log when done..

« Last Edit: March 02, 2008, 04:32:32 AM by Pancake » Logged

An Australian Member of

EDDY
jerry814
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 9


Bookmark and Share

View Profile
« Reply #7 on: March 02, 2008, 05:18:45 PM »

In hope this is the HJT log your asking for

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:35 PM, on 3/2/2008
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAM FILES\TV VIEWER\TVWAKEUP.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\TV VIEWER\ANNCLIST.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\USBICON.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\OUTPOST.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\MACROMED\SHOCKWAVE 10\SWHELPER_1020023.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
F1 - win.ini: run=hpfsched
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {B9383572-20AA-40AC-9882-EA7C952C3462} - C:\Program Files\NetMeeting\bufume89104.dll (file missing)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [MCI USB Icon] C:\WINDOWS\SYSTEM\USBIcon.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\AGNITUM\OUTPOS~1.0\OUTPOST.EXE /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [TVWakeup] C:\Progra~1\TVView~1\tvwakeup.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [VidSvr] 
O4 - HKLM\..\RunServices: [Announcements] C:\Program Files\TV Viewer\annclist.exe
O4 - HKLM\..\RunServices: [Outpost Firewall] C:\PROGRA~1\AGNITUM\OUTPOS~1.0\OUTPOST.EXE /service
O4 - HKCU\..\Run: [uzwmlbp] c:\windows\system\uzwmlbp.exe
O4 - HKCU\..\Run: [bzwzzv] c:\windows\system\bzwzzv.exe
O4 - HKCU\..\Run: [yikqdknp] c:\windows\system\yikqdknp.exe
O4 - HKCU\..\Run: [novbtjwxc] c:\windows\system\novbtjwxc.exe
O4 - HKCU\..\Run: [rtvxejla] c:\windows\system\rtvxejla.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - HKCU\..\Run: [PC SpeedScan Pro] C:\PROGRAM FILES\ASCENTIVE\PC SPEEDSCAN PRO\PCSPEEDSCAN.exe -m
O4 - HKCU\..\Run: [pwenuzi] c:\windows\system\pwenuzi.exe
O4 - HKCU\..\Run: [wbgppn] c:\windows\system\wbgppn.exe
O4 - HKCU\..\Run: [pmtcffulb] c:\windows\system\pmtcffulb.exe
O4 - HKCU\..\Run: [iarqogqzw] c:\windows\system\iarqogqzw.exe
O4 - HKCU\..\Run: [rrispj] c:\windows\system\rrispj.exe
O4 - HKCU\..\Run: [eclnmgasqp] c:\windows\system\eclnmgasqp.exe
O4 - HKCU\..\Run: [xxdnkmz] c:\windows\system\xxdnkmz.exe
O4 - HKCU\..\Run: [obmoxkj] c:\windows\system\obmoxkj.exe
O4 - HKCU\..\Run: [sakcls] c:\windows\system\sakcls.exe
O4 - HKCU\..\Run: [svptcka] c:\windows\system\svptcka.exe
O4 - HKCU\..\Run: [dpvhmt] c:\windows\system\dpvhmt.exe
O4 - HKCU\..\Run: [iavxjegb] c:\windows\system\iavxjegb.exe
O4 - HKCU\..\Run: [kccymk] c:\windows\system\kccymk.exe
O4 - HKCU\..\Run: [tfmnbod] c:\windows\system\tfmnbod.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] "C:\WINDOWS\SYSTEM\MACROMED\SHOCKWAVE 10\SWHELPER_1020023.EXE" -Update -1020023 -IEXPLORE.EXE5.50
O4 - HKUS\.DEFAULT\..\Run: [uzwmlbp] c:\windows\system\uzwmlbp.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [bzwzzv] c:\windows\system\bzwzzv.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [yikqdknp] c:\windows\system\yikqdknp.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [novbtjwxc] c:\windows\system\novbtjwxc.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [rtvxejla] c:\windows\system\rtvxejla.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [PC SpeedScan Pro] C:\PROGRAM FILES\ASCENTIVE\PC SPEEDSCAN PRO\PCSPEEDSCAN.exe -m (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [pwenuzi] c:\windows\system\pwenuzi.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [wbgppn] c:\windows\system\wbgppn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [pmtcffulb] c:\windows\system\pmtcffulb.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [iarqogqzw] c:\windows\system\iarqogqzw.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [rrispj] c:\windows\system\rrispj.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [eclnmgasqp] c:\windows\system\eclnmgasqp.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [xxdnkmz] c:\windows\system\xxdnkmz.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [obmoxkj] c:\windows\system\obmoxkj.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [sakcls] c:\windows\system\sakcls.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [svptcka] c:\windows\system\svptcka.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [dpvhmt] c:\windows\system\dpvhmt.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [iavxjegb] c:\windows\system\iavxjegb.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [kccymk] c:\windows\system\kccymk.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [tfmnbod] c:\windows\system\tfmnbod.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Shockwave Updater] "C:\WINDOWS\SYSTEM\MACROMED\SHOCKWAVE 10\SWHELPER_1020023.EXE" -Update -1020023 -IEXPLORE.EXE5.50 (User 'Default user')
O4 - .DEFAULT Startup: Event Reminder.lnk = C:\PMG4\PMREMIND.EXE (User 'Default user')
O4 - Startup: Event Reminder.lnk = C:\PMG4\PMREMIND.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUFOX000
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\PLUGINS\BROWSERBAR\IE_BAR.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.6.0_03\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.6.0_03\BIN\SSV.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.gamehouse.com/games/gamehouse/ghplayer.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse.com/games/chuzzle/popcaploader.cab
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://www.gamehouse.com/games/JBGamePlayer.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse.com/games/zylom/zylomplayer.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://www.arcadetown.com/swf/mahjongescape/PTGameLauncher.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125B84} (CR64Loader Object) - http://www.arcadetown.com/swf/waterbugs/r64loader.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.arcadetown.com/swf/tumblebugs/axhost.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://games.bigfishgames.com/en_burger-shop/online/GoBitGamesPlayer_v4.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://www.gamehouse.com/realarcade-webgames/bewitched/launcher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.tikgames.com/real/games/goldfever/goldfever.cab
O20 - AppInit_DLLs:  C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\wl_hook.dll

--
End of file - 10858 bytes
Logged
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #8 on: March 02, 2008, 09:53:31 PM »

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.


F1 - win.ini: run=hpfsched
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {B9383572-20AA-40AC-9882-EA7C952C3462} - C:\Program Files\NetMeeting\bufume89104.dll (file missing)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKCU\..\Run: [uzwmlbp] c:\windows\system\uzwmlbp.exe
O4 - HKCU\..\Run: [bzwzzv] c:\windows\system\bzwzzv.exe
O4 - HKCU\..\Run: [yikqdknp] c:\windows\system\yikqdknp.exe
O4 - HKCU\..\Run: [novbtjwxc] c:\windows\system\novbtjwxc.exe
O4 - HKCU\..\Run: [rtvxejla] c:\windows\system\rtvxejla.exe
O4 - HKCU\..\Run: [pwenuzi] c:\windows\system\pwenuzi.exe
O4 - HKCU\..\Run: [wbgppn] c:\windows\system\wbgppn.exe
O4 - HKCU\..\Run: [pmtcffulb] c:\windows\system\pmtcffulb.exe
O4 - HKCU\..\Run: [iarqogqzw] c:\windows\system\iarqogqzw.exe
O4 - HKCU\..\Run: [rrispj] c:\windows\system\rrispj.exe
O4 - HKCU\..\Run: [eclnmgasqp] c:\windows\system\eclnmgasqp.exe
O4 - HKCU\..\Run: [xxdnkmz] c:\windows\system\xxdnkmz.exe
O4 - HKCU\..\Run: [obmoxkj] c:\windows\system\obmoxkj.exe
O4 - HKCU\..\Run: [sakcls] c:\windows\system\sakcls.exe
O4 - HKCU\..\Run: [svptcka] c:\windows\system\svptcka.exe
O4 - HKCU\..\Run: [dpvhmt] c:\windows\system\dpvhmt.exe
O4 - HKCU\..\Run: [iavxjegb] c:\windows\system\iavxjegb.exe
O4 - HKCU\..\Run: [kccymk] c:\windows\system\kccymk.exe
O4 - HKCU\..\Run: [tfmnbod] c:\windows\system\tfmnbod.exe
O4 - HKUS\.DEFAULT\..\Run: [uzwmlbp] c:\windows\system\uzwmlbp.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [bzwzzv] c:\windows\system\bzwzzv.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [yikqdknp] c:\windows\system\yikqdknp.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [novbtjwxc] c:\windows\system\novbtjwxc.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [rtvxejla] c:\windows\system\rtvxejla.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [pwenuzi] c:\windows\system\pwenuzi.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [wbgppn] c:\windows\system\wbgppn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [pmtcffulb] c:\windows\system\pmtcffulb.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [iarqogqzw] c:\windows\system\iarqogqzw.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [rrispj] c:\windows\system\rrispj.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [eclnmgasqp] c:\windows\system\eclnmgasqp.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [xxdnkmz] c:\windows\system\xxdnkmz.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [obmoxkj] c:\windows\system\obmoxkj.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [sakcls] c:\windows\system\sakcls.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [svptcka] c:\windows\system\svptcka.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [dpvhmt] c:\windows\system\dpvhmt.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [iavxjegb] c:\windows\system\iavxjegb.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [kccymk] c:\windows\system\kccymk.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [tfmnbod] c:\windows\system\tfmnbod.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUFOX000


Remove this folder...

 C:\Program Files\NetMeeting


Reboot and post a new HJT log please.

Logged

An Australian Member of

EDDY
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page November 08, 2018, 11:53:36 AM