Eh well, I was asked to post this here...

Discussion in 'Virus & Other Malware Removal' started by talontepes, Apr 6, 2005.

Thread Status:
Not open for further replies.
  1. talontepes

    talontepes Thread Starter

    Joined:
    Apr 6, 2005
    Messages:
    6
    Well, I was asked to post this log here after sending an e-mail to a person whose site I looked at off of this site.

    Well, anyway, here it is. Any help will be gladly appreciated. If you'd be kind enough, it'd be easier for me to read my emails than to check here, being I work most of the day. talontepes 'at' hotmail d o t com


    Ready
    Checking for recent updates
    Updating local threat identification files, please wait...
    Scanning memory
    File C:\Program Files\Hddrgw\Nyqbez.exe is infected with: Trojan.DownLoader.1389

    File C:\WINDOWS\System32\aklsp.dll is infected with: Trojan.Virtumod

    File C:\WINDOWS\System32\nvnpvk.exe is infected with: Trojan.Click.291

    File C:\WINDOWS\System32\picsvr\picsvr.exe is infected with: Trojan.DownLoader.2073

    File C:\WINDOWS\System32\rtcchap.exe is infected with: Trojan.DownLoader.2094

    File C:\WINDOWS\System32\winup2date.dll is infected with: Trojan.Click.287

    File C:\WINDOWS\System\explorer.exe is infected with: Trojan.DownLoader.20480

    File C:\windows\system32\avazkp.exe is infected with: Trojan.DownLoader.1518

    Scanning for possible spyware
    Scanning
    File C:\update.exe is infected with: BackDoor.Iroffer.1221

    File C:\WINDOWS\ast_5_main.exe is infected with: Trojan.MulDrop.1564

    File C:\Program Files\CF-pIRCh\events.bak is infected with: IRC.Generic.17

    File C:\Program Files\CF-pIRCh\events.ini is infected with: IRC.Generic.17

    File C:\Program Files\Hddrgw\Nyqbez.exe is infected with: Trojan.DownLoader.1389

    File C:\RECYCLER\S-1-5-21-1409082233-1965331169-725345543-1005\Dc1.ex$ is infected with: Trojan.DownLoader.209

    File C:\WINDOWS\Downloaded Program Files\ysbactivex.dll is infected with: Trojan.Isbar.191

    File C:\WINDOWS\system\explorer.exe is infected with: Trojan.DownLoader.20480

    File C:\WINDOWS\system\update.exe is infected with: Trojan.DownLoader.20480

    File C:\WINDOWS\system\winspool.exe is infected with: Trojan.DownLoader.20480

    File C:\WINDOWS\system32\akcore.dll is infected with: Trojan.Virtumod

    File C:\WINDOWS\system32\aklsp.dll is infected with: Trojan.Virtumod

    File C:\WINDOWS\system32\akrules.dll is infected with: Trojan.Virtumod

    File C:\WINDOWS\system32\akupd.dll is infected with: Trojan.Virtumod

    File C:\WINDOWS\system32\avazkp.exe is infected with: Trojan.DownLoader.1518

    File C:\WINDOWS\system32\casino.exe is infected with: Dialer.Silent

    File C:\WINDOWS\system32\Microsoft.exe is infected with: Win32.HLLW.ForBot.based

    File C:\WINDOWS\system32\rmoocx.exe is infected with: Trojan.DownLoader.2094

    File C:\WINDOWS\system32\rtcchap.exe is infected with: Trojan.DownLoader.2094

    File C:\WINDOWS\system32\runsvc32.exe is infected with: Trojan.MulDrop.1586

    File C:\WINDOWS\system32\spoolsrv32.exe is infected with: Trojan.Click.237

    File C:\WINDOWS\system32\srpcsrv32.dll is infected with: Trojan.Click.238

    File C:\WINDOWS\system32\supd130404.exe is infected with: Trojan.MulDrop.1541

    File C:\WINDOWS\system32\sysupd1003.exe is infected with: Trojan.DownLoader.1177

    File C:\WINDOWS\system32\tksrv98.exe is infected with: Trojan.DownLoader.196

    File C:\WINDOWS\system32\vpvap.dat is infected with: Trojan.Click.291

    File C:\WINDOWS\system32\win32.ex$ is infected with: Win32.HLLW.ForBot.based

    File C:\WINDOWS\system32\winhlpp32.exe is infected with: Win32.HLLW.Agobot

    File C:\WINDOWS\system32\winup2date.dll is infected with: Trojan.Click.287

    File C:\WINDOWS\Temp\akcore.dll is infected with: Trojan.Virtumod

    File C:\WINDOWS\Temp\aklsp.dll is infected with: Trojan.Virtumod

    File C:\WINDOWS\Temp\akrules.dll is infected with: Trojan.Virtumod

    File C:\WINDOWS\Temp\f4801625.exe is infected with: Trojan.Click.291

    File C:\WINDOWS\system32\picsvr\picsvr.exe is infected with: Trojan.DownLoader.2073

    File C:\WINDOWS\Temp\THI1CAC.tmp\farmmext.exe is infected with: Trojan.Stubby

    File C:\Documents and Settings\linda\Local Settings\Temp\temp.fr6D51 is infected with: Trojan.Ads

    File C:\Documents and Settings\wes\Local Settings\Temp\cln197.tmp is infected with: Trojan.Dyfuca

    File C:\Documents and Settings\wes\Local Settings\Temp\tp7543.exe is infected with: Trojan.Click.291

    File C:\Program Files\Yahoo!\YPSR\Quarantine\ppq54.tmp is infected with: Trojan.Dyfuca

    File C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55.tmp is infected with: Trojan.Dyfuca

    File C:\Program Files\Yahoo!\YPSR\Quarantine\ppq58.tmp is infected with: Win32.HLLW.ForBot.based

    File C:\Program Files\Yahoo!\YPSR\Quarantine\ppqCE.tmp is infected with: Trojan.Stubby

    File C:\WINDOWS\system32\dllcache\site\hde.exe is infected with: IRC.Flood

    File C:\WINDOWS\system32\dllcache\site\hider.exe is infected with: Trojan.Flood.22016

    File C:\WINDOWS\system32\dllcache\site\kernel32.ex$ is infected with: BackDoor.Iroffer.1221

    File C:\WINDOWS\system32\dllcache\site\kernel32.exe is infected with: BackDoor.Iroffer.1221

    File C:\Documents and Settings\wes\Local Settings\Temp\27.exe\27.exe is infected with: Trojan.DownLoader.1357

    File C:\Documents and Settings\linda\Local Settings\Temporary Internet Files\Content.IE5\16JX92CQ\sh[1].htm:javascript.0 is infected with: Trojan.DownLoader.2141

    File C:\Documents and Settings\linda\Local Settings\Temporary Internet Files\Content.IE5\16JX92CQ\winupdate45876529[1].exe is infected with: Trojan.DownLoader.2144

    File C:\Documents and Settings\linda\Local Settings\Temporary Internet Files\Content.IE5\2XM7CP67\cursor[1].anr is infected with: Exploit.ANIFile

    File C:\Documents and Settings\linda\Local Settings\Temporary Internet Files\Content.IE5\85I3S9IV\counter[1].htm:JScript.Encode.0 is infected with: Exploit.MhtRedir

    File C:\Documents and Settings\linda\Local Settings\Temporary Internet Files\Content.IE5\85I3S9IV\counter[1].htm:JScript.Encode.1 is infected with: Exploit.MhtRedir

    File C:\Documents and Settings\linda\Local Settings\Temporary Internet Files\Content.IE5\85I3S9IV\index[1].htm is infected with: Exploit.Helpxsite

    File C:\Documents and Settings\linda\Local Settings\Temporary Internet Files\Content.IE5\85I3S9IV\prompt[1].php is infected with: Trojan.Isbar.83

    File C:\Documents and Settings\linda\Local Settings\Temporary Internet Files\Content.IE5\CXMVSPI7\x3[1].htm:javascript.0 is infected with: Exploit.MhtRedir

    File C:\Documents and Settings\linda\Local Settings\Temporary Internet Files\Content.IE5\IEWS0A9Y\object[1].html:JScript.0 is infected with: VBS.Psyme.93

    File C:\Documents and Settings\linda\Local Settings\Temporary Internet Files\Content.IE5\SH2BOP2F\payload[1].ani is infected with: Exploit.ANIFile

    File C:\Documents and Settings\linda\Local Settings\Temporary Internet Files\Content.IE5\SH2BOP2F\start[1].htm:\\\"javascript\\\".1 is infected with: Exploit.Helpxsite

    File C:\Documents and Settings\linda\Local Settings\Temporary Internet Files\Content.IE5\TGKBXDO5\loader7[1].htm:VBScript.0 is infected with: Trojan.MulDrop.1340

    File C:\Documents and Settings\linda\Local Settings\Temporary Internet Files\Content.IE5\UMRH5B9V\winupdate12143472[1].exe is infected with: Trojan.DownLoader.2144

    File C:\Documents and Settings\wes\Local Settings\Temporary Internet Files\Content.IE5\OFRJY89X\i282[1].exe is infected with: Trojan.Click.291

    File C:\Documents and Settings\wes\Local Settings\Temporary Internet Files\Content.IE5\YNWNOH6T\page1[1].htm:Script.0 is infected with: VBS.Psyme.98

    File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OP799OQT\bot[3].exe is infected with: Win32.HLLW.ForBot.based

    File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\V9L5AJFL\bot[1].exe is infected with: Win32.HLLW.ForBot.based

    File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\V9L5AJFL\bot[3].exe is infected with: Win32.HLLW.ForBot.based

    Total files scanned: 67441

    Total threats found: 73

    Scan Finished
    ---------------------------

    Total files scanned: 67441

    Total threats found: 114
     
  2. telecom69

    telecom69 Gone but never forgotten

    Joined:
    Oct 12, 2001
    Messages:
    9,807
  3. telecom69

    telecom69 Gone but never forgotten

    Joined:
    Oct 12, 2001
    Messages:
    9,807
    I tried to email you as you requested but my email was returned as undeliverable for some reason. This is what I tried to send you below:

    You really are infested with viruses etc. and I suggest you run this
    free online scanner to fix them: http://housecall.trendmicro.com/

    You will almost certainly have to post a HijackThis log as well when
    you have done that, and you can download that program here
    http://www.majorgeeks.com/download3155.html
    and post a log back to the forum for analysis .....

    We don't really encourage the publishing of email addresses as it can cause you untold problems. If you do wish to receive emails you can do it by enabling your email address in your profile in the USER CP panel at the top of the page ... make sure you type it correctly in view of what happened when I tried to send you one .....
     
  4. talontepes

    talontepes Thread Starter

    Joined:
    Apr 6, 2005
    Messages:
    6
    Here's the log file from HijackThis:

    Logfile of HijackThis v1.99.1
    Scan saved at 2:14:51 AM, on 4/7/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\system32\dllcache\site\winlog.exe
    C:\Program Files\support.com\bin\tgcmd.exe
    C:\WINDOWS\system32\dllcache\site\kernel32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Hddrgw\Nyqbez.exe
    C:\WINDOWS\isrvs\desktop.exe
    C:\windows\system32\avazkp.exe
    C:\WINDOWS\System32\nvnpvk.exe
    C:\Program Files\AutoUpdate\AutoUpdate.exe
    C:\WINDOWS\dfqvclcn.exe
    C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
    C:\windows\system32\calc.exe
    C:\WINDOWS\System32\picsvr\picsvr.exe
    C:\WINDOWS\System32\rtcchap.exe
    C:\Program Files\Common Files\eAcceleration\eanthology.exe
    C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System\explorer.exe
    C:\PROGRA~1\AIM\aim.exe
    C:\WINDOWS\System32\ltfme.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\wes\LOCALS~1\Temp\Rar$EX06.922\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hot-searches.com/index.php?v=6&aff=2515878
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://hot-searches.com/index.php?v=6&aff=2515878
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - _{87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn1\ycomp5_5_7_0.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O5 "LPT1:" /M "Stylus C82"
    O4 - HKLM\..\Run: [EPSON Stylus C82 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P32 "EPSON Stylus C82 Series (Copy 1)" /O6 "USB001" /M "Stylus C82"
    O4 - HKLM\..\Run: [Windows Kernel32 Boot App.] C:\Windows\System32\dllcache\site\update.bat
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [BPT] "C:\Program Files\Bpt\bpt.exe"
    O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\wes\LOCALS~1\Temp\27.exe\27.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [bdhela3k] C:\WINDOWS\System32\bdhela3k.exe
    O4 - HKLM\..\Run: [Hyquozs] C:\Program Files\Hddrgw\Nyqbez.exe
    O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
    O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
    O4 - HKLM\..\Run: [avazkp] c:\windows\system32\avazkp.exe
    O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\nvnpvk.exe
    O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [lxzkhxtrypib] C:\WINDOWS\dfqvclcn.exe
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
    O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\System32\picsvr\picsvr.exe
    O4 - HKLM\..\Run: [oFsR3EW] rtcchap.exe
    O4 - HKLM\..\Run: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
    O4 - HKLM\..\Run: [EanthologyApp] "C:\Program Files\Common Files\eAcceleration\eanthology.exe" /b Startup
    O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [System Update] C:\WINDOWS\System\explorer.exe
    O4 - HKCU\..\Run: [WeatherCast] C:\Program Files\WeatherCast\Weather.exe /q
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ares lite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
    O4 - HKCU\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
    O4 - HKCU\..\Run: [Zo35ROaFW] ltfme.exe
    O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: Ebates - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm
    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
    O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
    O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
    O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
    O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
    O16 - DPF: {2AB65D8C-517B-4830-BDD9-5530A9D9ECA2} (Tax$imple) - https://www.taxsimple.com/citrix/tax$imple.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://dev-www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_37.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
    O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
    O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\ktl4l73q1.dll
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
     
  5. telecom69

    telecom69 Gone but never forgotten

    Joined:
    Oct 12, 2001
    Messages:
    9,807
    Have hijack FIX the following after closing any open windows

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hot-searches.com/index.php?v=6&aff=2515878
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://hot-searches.com/index.php?v=6&aff=2515878
    R3 - URLSearchHook: (no name) - _{87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [bdhela3k] C:\WINDOWS\System32\bdhela3k.exe
    O4 - HKLM\..\Run: [Hyquozs] C:\Program Files\Hddrgw\Nyqbez.exe
    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
    O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
    O4 - HKLM\..\Run: [avazkp] c:\windows\system32\avazkp.exe
    O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\nvnpvk.exe
    O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [lxzkhxtrypib] C:\WINDOWS\dfqvclcn.exe
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    O4 - HKLM\..\Run: [oFsR3EW] rtcchap.exe
    O4 - HKCU\..\Run: [Zo35ROaFW] ltfme.exe
    O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
    O8 - Extra context menu item: Ebates - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm
    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
    O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)


    Also find and delete the following in SAFE MODE

    C:\WINDOWS\isrvs\desktop.exe
    C:\Program Files\AutoUpdate\AutoUpdate.exe
    C:\WINDOWS\System32\ltfme.exe
     
  6. talontepes

    talontepes Thread Starter

    Joined:
    Apr 6, 2005
    Messages:
    6
    OK, now I did all that and my computer's running a whole heck of a lot better. Now I have one last question: if I were to delete Macromedia's folder off of the computer, would it affect my computer? It's saying that the system or sys folder is corrupt and is stopping some programs from running.
     
  7. telecom69

    telecom69 Gone but never forgotten

    Joined:
    Oct 12, 2001
    Messages:
    9,807
    Never been asked that before. Best advice I can give is have a look at this site http://www.litepc.com/xplite/flash.htm. It seems that some programs do require it to be there. I would advise uninstalling, then re-installing it again ......
     
  8. talontepes

    talontepes Thread Starter

    Joined:
    Apr 6, 2005
    Messages:
    6
    Also, what would I do about this?

    C:\WINDOWS\SYSTEM32\AUTOEXEC.NT The system file is not suitable for running MS-DOS and Microsoft Windows applications. Choose 'Close' to terminate this application.

    It's coming up when I go to install this Delta Force demo I got off a site.
     
  9. talontepes

    talontepes Thread Starter

    Joined:
    Apr 6, 2005
    Messages:
    6
    With the Macromedia, I can't uninstall it because it disappeared off of the list, and when I go to delete the problem folder it gives me "cannot delete, folder is corrupt and unreadable".
     
  10. telecom69

    telecom69 Gone but never forgotten

    Joined:
    Oct 12, 2001
    Messages:
    9,807
    Try deleting that Macromedia file in SAFE MODE .....

    I don't do any games but it seems to me that XP will not run that particular demo. Best thing to do would be to start a new thread in the Games forum and ask that question in there, as that's where all the games experts reside ......
     

Short URL to this thread: https://techguy.org/350149
