Help me



-mandy-83
2008-11-20, 08:50
Can somebody please help me? I found this and am not sure what to do about it. Can I fix this?
Thanks

Xupiter.Sqwire: [SBI $84BD0F3D] Executable (File, nothing done)
C:\WINDOWS\Downloaded Program Files\SQInstaller.exe

Xupiter.Sqwire: [SBI $C17D134A] Library (File, nothing done)
C:\Program Files\Sqwire\s.dll

Xupiter.Sqwire: [SBI $DC7823F2] Library (File, nothing done)
C:\Program Files\Sqwire\t.dll

Xupiter.Sqwire: [SBI $1724F057] Library (File, nothing done)
C:\Program Files\Sqwire\u.dll

Xupiter.Sqwire: [SBI $E32D9785] Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SQUpdatesChecker

Xupiter.Sqwire: [SBI $A84E29F8] Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SQConfigChecker

Xupiter.Sqwire: [SBI $639BF6BE] Search hook (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\{6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB}

Xupiter.Sqwire: [SBI $28CC686B] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\AID

Xupiter.Sqwire: [SBI $20F91614] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Check CFG At

Xupiter.Sqwire: [SBI $1D9A32A7] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Check Updates At

Xupiter.Sqwire: [SBI $F669F27D] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\CustomizeSearch

Xupiter.Sqwire: [SBI $E006F1C9] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\DOMAIN

Xupiter.Sqwire: [SBI $ABB3DD02] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Download:SQCampaign.dat

Xupiter.Sqwire: [SBI $E84DD4A9] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Download:SQDesktop.dat

Xupiter.Sqwire: [SBI $F6C12EBF] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Download:SQMenu.dat

Xupiter.Sqwire: [SBI $6C93B23F] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Download:SQUpdate.dat

Xupiter.Sqwire: [SBI $73C3E21C] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Download:SQUpdatesChecker

Xupiter.Sqwire: [SBI $EA233170] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Feedback:install

Xupiter.Sqwire: [SBI $32424738] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Homepage

Xupiter.Sqwire: [SBI $99963767] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Installation Folder

Xupiter.Sqwire: [SBI $902A6DB7] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\SearchAssistant

Xupiter.Sqwire: [SBI $D2DCF77F] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\SID

Xupiter.Sqwire: [SBI $56745507] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\ACCEPT

Xupiter.Sqwire: [SBI $0D766F05] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Download:SQInstaller

Xupiter.Sqwire: [SBI $E4ACF398] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Exes List

Xupiter.Sqwire: [SBI $78B40ECC] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Feedback:download

Xupiter.Sqwire: [SBI $ECB69883] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Icons List

Xupiter.Sqwire: [SBI $57F4C59D] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\IE Activity

Xupiter.Sqwire: [SBI $D558BE2F] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Links List

Xupiter.Sqwire: [SBI $F547A5E6] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\OLD_SEARCH_HOOKS_CURRENT

Xupiter.Sqwire: [SBI $665A3110] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\SQTempFolder

Xupiter.Sqwire: [SBI $299DE488] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Updates List

Xupiter.Sqwire: [SBI $6856FB1B] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{D686DB39-659A-491A-A35C-60B99495C16E}

Xupiter.Sqwire: [SBI $3AD6F68C] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SQToolbar.Band

Xupiter.Sqwire: [SBI $3AD6F68C] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SQToolbar.Band.1

Xupiter.Sqwire: [SBI $A8792D8F] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XTSearch.XTSearchHook

Xupiter.Sqwire: [SBI $A8792D8F] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XTSearch.XTSearchHook.1

Xupiter.Sqwire: [SBI $4ACA6649] IE toolbar (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{57E69D5A-6539-4d7d-9637-775DE8A385B4}

Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)



peku006
2008-11-21, 22:54
Hello and Welcome to the forums!

My name is peku006 and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Please continue to respond until I give you the "All Clear".
If you follow these instructions, everything should go smoothly.

Click here (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to download HJTInstall.exe
Save HJTInstall.exe to your desktop.
Double-click on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis.
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch HijackThis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and paste the log in your next reply.
DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


Thanks peku006

-mandy-83
2008-11-22, 09:40
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:01 PM, on 11/22/08
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\COMMON FILES\NOKIA\NCLTOOLS\NCLTRAY.EXE
C:\WINDOWS\SYSTEM\NFOMON\NFOMON.EXE
C:\WINDOWS\SYSTEM\VIDMON\VIDMON.EXE
C:\WINDOWS\MOTOROLA\SMSERIAL\SM56HLPR.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 98\DMHKEY.EXE
C:\PROGRAM FILES\DATE MANAGER\DATEMANAGER.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\COMMON FILES\NOKIA\SERVICES\SERVICELAYER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R3 - URLSearchHook: (no name) - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing)
O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL
O2 - BHO: ynjpmnlqosbvxeoulunj - {7e9c4540-d984-11d7-95ac-444553540000} - C:\WINDOWS\APPLICATION DATA\ISHSBLBOUEE.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: (no name) - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - (no file)
O3 - Toolbar: rsswblstntr - {7e9c4541-d984-11d7-95ac-444553540000} - C:\WINDOWS\APPLICATION DATA\ISHSBLBOUEE.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.2607.0\MSGR.EN-US.EN-AU\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [SQUpdatesChecker] C:\Program Files\Sqwire\uc.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [SQConfigChecker] C:\Program Files\Sqwire\cc.exe
O4 - HKLM\..\Run: [eaboush] C:\WINDOWS\APPLIC~1\strprlyn.exe -QuieT
O4 - HKLM\..\Run: [win32info] c:\windows\system\win32info.exe /noconnect
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Norton Antivirus AV] C:\WINDOWS\FVProtect.exe
O4 - HKLM\..\Run: [DataLayer] c:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] c:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\SYSTEM\nfomon\nfomon.exe
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\SYSTEM\VIDMON\VIDMON.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Hotbar] C:\PROGRAM FILES\HOTBAR\BIN\4.3.5.0\HBINST.EXE /Upgrade
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Default user')
O4 - .DEFAULT Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 98\DMHKEY.EXE (User 'Default user')
O4 - .DEFAULT Startup: Microsoft Office Fast Start.lnk = C:\WINDOWS\MM2ENT.EXE (User 'Default user')
O4 - .DEFAULT Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe (User 'Default user')
O4 - .DEFAULT Startup: PowerReg Scheduler.exe (User 'Default user')
O4 - Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 98\DMHKEY.EXE
O4 - Startup: Microsoft Office Fast Start.lnk = C:\WINDOWS\MM2ENT.EXE
O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .au/search?q=birds+licenses++&ie=ISO-8859-1&hl=en&btnI=I'm+Feeling+Lucky&meta=cr=countryAU: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .tga: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin5.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://203.166.19.20/quickdl/proclaim/NSupd9x.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.exe
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O24 - Desktop Component 0: (no name) - file:///C:/My%20Documents/My%20Received%20Files/spidy.gif

--
End of file - 9614 bytes

Thanks

peku006
2008-11-22, 11:04
Hi -mandy-83

1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:

Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:

C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - Download and Run RSIT

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

3 - Status Check
Please reply with

1. the logs from RSIT (log.txt, info.txt)
2. the Malwarebytes' Anti-Malware Log

Thanks peku006

-mandy-83
2008-11-23, 11:08
Hi, I am having a problem. I downloaded Malwarebytes' Anti-Malware but I cannot install it because I only have Windows 98 Second Edition but Windows NT 4.0 or later is required. Is there anything else I can do?

peku006
2008-11-23, 11:18
Hi -mandy-83

Please download and run RSIT

-mandy-83
2008-11-24, 01:51
Hi, thanks for all your help. I downloaded RSIT to my desktop but it won't even open.

peku006
2008-11-24, 12:47
Hi -mandy-83

Post Uninstall list

Open HijackThis.
Click on the Open the Misc Tools section button.
Look under System tools.
Click on the Open Uninstall Manager... button.
Click on the Save list... button.
It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
Notepad will open. Please post this log in your next reply.

-mandy-83
2008-11-24, 13:01
Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
America Online
AOL Coach Version 1.0(Build:20011028.1)
b3d Projector
Date Manager
Enhanced MediaLoads
HijackThis 2.0.2
JumpStart Artist
LiveReg (Symantec Corporation)
LiveUpdate 1.6 (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
MediaLoads Installer
Messenger Plus!
Microsoft Encarta 98 Encyclopedia
Microsoft Internet Explorer 6 SP1 and Internet Tools
Microsoft Office
Microsoft Windows 98 Starts Here
Motorola SM56 Modem uninstall
Mr. Potato Head Uninstaller
MSN Messenger 6.0
MSN Messenger 7.0
MSN Toolbar
Network Play System (Patching)
Norton AntiVirus 2001
NTI CD-Maker 2000 Plus
NTI DriveBackup!
NTI FileCD
Oozic Player
Opera 9.25
Pac-Man Adventures in Time
QuickTime
RealPlayer Basic
RollerCoaster Tycoon
SimPark
Spybot - Search & Destroy
Theme Park World
Uninstall InControl Tools 98
Viewpoint Media Player (Remove Only)
WebDP 2.07
win32info
Windows tools by Hotbar

Thanks

peku006
2008-11-25, 22:12
Hi -mandy-83

PLEASE DOWNLOAD AND RUN SUPERANTISPYWARE

Please download SUPERAntiSpyware Home Edition (free) (http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE)

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions. Click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining.
Ignore System Restore/Volume Information on ME and XP
Please leave the others unchecked.
Click the Close button to leave the control center screen.

On the main screen, under Scan for Harmful Software, click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.

To retrieve the removal information - please do the following:

After reboot, double-click the SUPERAntispyware icon on your desktop.
Click Preferences. Click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
It will open in your default text editor (such as Notepad/Wordpad).
Please highlight everything, then right-click and choose copy.
Click close and close again to exit the program.

Paste the Super Antispyware log here.

-mandy-83
2008-11-28, 07:09
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/28/2008 at 03:49 PM

Application Version : 4.22.1014

Core Rules Database Version : 3654
Trace Rules Database Version: 1636

Scan type : Complete Scan
Total Scan Time : 00:44:38

Memory items scanned : 180
Memory threats detected : 3
Registry items scanned : 2131
Registry threats detected : 301
File items scanned : 31429
File threats detected : 226

Adware.DelFin Project
C:\WINDOWS\SYSTEM\NFOMON\NFOMON.EXE
C:\WINDOWS\SYSTEM\NFOMON\NFOMON.EXE
C:\WINDOWS\SYSTEM\VIDMON\VIDMON.EXE
C:\WINDOWS\SYSTEM\VIDMON\VIDMON.EXE
[Nfo] C:\WINDOWS\SYSTEM\NFOMON\NFOMON.EXE
[vidmon] C:\WINDOWS\SYSTEM\VIDMON\VIDMON.EXE
C:\PROGRAM FILES\COMMON FILES\UNINSTALL INFORMATION\REMOVEWEBDP.EXE

DateManager
C:\PROGRAM FILES\DATE MANAGER\DATEMANAGER.EXE
C:\PROGRAM FILES\DATE MANAGER\DATEMANAGER.EXE

Adware.HotBar (Low Risk)
[Hotbar] C:\PROGRAM FILES\HOTBAR\BIN\4.3.5.0\HBINST.EXE
C:\PROGRAM FILES\HOTBAR\BIN\4.3.5.0\HBINST.EXE
C:\WINDOWS\SYSTEM\HBINST.EXE
C:\PROGRAM FILES\HOTBAR\BIN\HBINST.EXE

Adware.MediaLoads
HKLM\Software\Classes\CLSID\{85A702BA-EA8F-4B83-AA07-07A5186ACD7E}
HKCR\CLSID\{85A702BA-EA8F-4B83-AA07-07A5186ACD7E}
HKCR\CLSID\{85A702BA-EA8F-4B83-AA07-07A5186ACD7E}
HKCR\CLSID\{85A702BA-EA8F-4B83-AA07-07A5186ACD7E}\ProgID
HKCR\CLSID\{85A702BA-EA8F-4B83-AA07-07A5186ACD7E}\VersionIndependentProgID
HKCR\CLSID\{85A702BA-EA8F-4B83-AA07-07A5186ACD7E}\Programmable
HKCR\CLSID\{85A702BA-EA8F-4B83-AA07-07A5186ACD7E}\InprocServer32
HKCR\CLSID\{85A702BA-EA8F-4B83-AA07-07A5186ACD7E}\InprocServer32#ThreadingModel
HKCR\CLSID\{85A702BA-EA8F-4B83-AA07-07A5186ACD7E}\TypeLib
HKCR\MP.MediaPops.1
HKCR\MP.MediaPops.1\CLSID
HKCR\MP.MediaPops
HKCR\MP.MediaPops\CLSID
HKCR\MP.MediaPops\CurVer
HKCR\TypeLib\{4767C447-EF15-42F2-8809-68ADB7FA76F1}
HKCR\TypeLib\{4767C447-EF15-42F2-8809-68ADB7FA76F1}\1.0
HKCR\TypeLib\{4767C447-EF15-42F2-8809-68ADB7FA76F1}\1.0\FLAGS
HKCR\TypeLib\{4767C447-EF15-42F2-8809-68ADB7FA76F1}\1.0\0
HKCR\TypeLib\{4767C447-EF15-42F2-8809-68ADB7FA76F1}\1.0\0\win32
HKCR\TypeLib\{4767C447-EF15-42F2-8809-68ADB7FA76F1}\1.0\HELPDIR
C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85A702BA-EA8F-4B83-AA07-07A5186ACD7E}
HKCR\Interface\{4438A5DC-E00B-41A0-B0E6-B63FD3B86EEE}
HKCR\Interface\{4438A5DC-E00B-41A0-B0E6-B63FD3B86EEE}\ProxyStubClsid
HKCR\Interface\{4438A5DC-E00B-41A0-B0E6-B63FD3B86EEE}\ProxyStubClsid32
HKCR\Interface\{4438A5DC-E00B-41A0-B0E6-B63FD3B86EEE}\TypeLib
HKCR\Interface\{4438A5DC-E00B-41A0-B0E6-B63FD3B86EEE}\TypeLib#Version

Adware.Xupiter
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{57E69D5A-6539-4d7d-9637-775DE8A385B4}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks#{6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB}

Trojan.Unclassified-Packed/Suspicious
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}
HKCR\CLSID\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}
HKCR\CLSID\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}
HKCR\CLSID\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}\ProgID
HKCR\CLSID\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}\VersionIndependentProgID
HKCR\CLSID\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}\Programmable
HKCR\CLSID\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}\InprocServer32
HKCR\CLSID\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}\InprocServer32#ThreadingModel
HKCR\CLSID\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}\Control
HKCR\CLSID\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}\Insertable
HKCR\CLSID\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}\ToolboxBitmap32
HKCR\CLSID\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}\MiscStatus
HKCR\CLSID\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}\MiscStatus\1
HKCR\CLSID\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}\TypeLib
HKCR\CLSID\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}\Version
HKCR\NSUpdateLite.NSUpdateLiteCtrl.1
HKCR\NSUpdateLite.NSUpdateLiteCtrl.1\CLSID
HKCR\NSUpdateLite.NSUpdateLiteCtrl.1\Insertable
HKCR\NSUpdateLite.NSUpdateLiteCtrl
HKCR\NSUpdateLite.NSUpdateLiteCtrl\CLSID
HKCR\NSUpdateLite.NSUpdateLiteCtrl\CurVer
HKCR\TypeLib\{DA9A0B0F-9B7B-11D3-B8A4-00C04F79641C}
HKCR\TypeLib\{DA9A0B0F-9B7B-11D3-B8A4-00C04F79641C}\1.0
HKCR\TypeLib\{DA9A0B0F-9B7B-11D3-B8A4-00C04F79641C}\1.0\FLAGS
HKCR\TypeLib\{DA9A0B0F-9B7B-11D3-B8A4-00C04F79641C}\1.0\0
HKCR\TypeLib\{DA9A0B0F-9B7B-11D3-B8A4-00C04F79641C}\1.0\0\win32
HKCR\TypeLib\{DA9A0B0F-9B7B-11D3-B8A4-00C04F79641C}\1.0\HELPDIR
C:\WINDOWS\SYSTEM\NSUPDATE.DLL
HKCR\Interface\{DA9A0B1F-9B7B-11D3-B8A4-00C04F79641C}
HKCR\Interface\{DA9A0B1F-9B7B-11D3-B8A4-00C04F79641C}\ProxyStubClsid
HKCR\Interface\{DA9A0B1F-9B7B-11D3-B8A4-00C04F79641C}\ProxyStubClsid32
HKCR\Interface\{DA9A0B1F-9B7B-11D3-B8A4-00C04F79641C}\TypeLib
HKCR\Interface\{DA9A0B1F-9B7B-11D3-B8A4-00C04F79641C}\TypeLib#Version
HKCR\Interface\{DA9A0B1D-9B7B-11D3-B8A4-00C04F79641C}
HKCR\Interface\{DA9A0B1D-9B7B-11D3-B8A4-00C04F79641C}\ProxyStubClsid
HKCR\Interface\{DA9A0B1D-9B7B-11D3-B8A4-00C04F79641C}\ProxyStubClsid32
HKCR\Interface\{DA9A0B1D-9B7B-11D3-B8A4-00C04F79641C}\TypeLib
HKCR\Interface\{DA9A0B1D-9B7B-11D3-B8A4-00C04F79641C}\TypeLib#Version

Adware.Tracking Cookie

CommonName Toolbar/Browser Helper Object
HKCR\CLSID\{00000000-0000-0000-0000-000000000000}
HKCR\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32
HKCR\CLSID\{00000000-0000-0000-0000-000000000000}\ProgID

Adware.WhenU
HKCR\WUSN.1
HKCR\WUSN.1#WUSN_Id

Adware.Cydoor
HKU\.DEFAULT\Software\Cydoor
HKLM\Software\Cydoor
HKLM\Software\Cydoor#AdwrCnt

Adware.GAIN/Gator

Adware.MyWebSearch/FunWebProducts

Adware.MyWay

Trojan.NewDotNet
C:\WINDOWS\NEWDOTNET3_36.DLL
C:\WINDOWS\NDNUNINSTALL4_50.EXE
C:\WINDOWS\NDNUNINSTALL4_88.EXE
C:\WINDOWS\NDNUNINSTALL4_94.EXE

Trojan.Gen
C:\WINDOWS\UNIFISH3.EXE

Adware.Lop
C:\PROGRAM FILES\C2MEDIA\SETUP.EXE

peku006
2008-11-28, 12:50
Hi -mandy-83

Please post a fresh hjt log

How is the computer running now?

Thanks peku006

-mandy-83
2008-11-28, 13:18
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:37 PM, on 11/28/08
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\COMMON FILES\NOKIA\NCLTOOLS\NCLTRAY.EXE
C:\WINDOWS\MOTOROLA\SMSERIAL\SM56HLPR.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 98\DMHKEY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\COMMON FILES\NOKIA\SERVICES\SERVICELAYER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\OPERA\OPERA.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing)
O2 - BHO: ynjpmnlqosbvxeoulunj - {7e9c4540-d984-11d7-95ac-444553540000} - C:\WINDOWS\APPLICATION DATA\ISHSBLBOUEE.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: rsswblstntr - {7e9c4541-d984-11d7-95ac-444553540000} - C:\WINDOWS\APPLICATION DATA\ISHSBLBOUEE.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.2607.0\MSGR.EN-US.EN-AU\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [SQUpdatesChecker] C:\Program Files\Sqwire\uc.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [SQConfigChecker] C:\Program Files\Sqwire\cc.exe
O4 - HKLM\..\Run: [eaboush] C:\WINDOWS\APPLIC~1\strprlyn.exe -QuieT
O4 - HKLM\..\Run: [win32info] c:\windows\system\win32info.exe /noconnect
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Norton Antivirus AV] C:\WINDOWS\FVProtect.exe
O4 - HKLM\..\Run: [DataLayer] c:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] c:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [SUPERAntiSpyware] C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE (User 'Default user')
O4 - .DEFAULT Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 98\DMHKEY.EXE (User 'Default user')
O4 - .DEFAULT Startup: Microsoft Office Fast Start.lnk = C:\WINDOWS\MM2ENT.EXE (User 'Default user')
O4 - .DEFAULT Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe (User 'Default user')
O4 - .DEFAULT Startup: PowerReg Scheduler.exe (User 'Default user')
O4 - Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 98\DMHKEY.EXE
O4 - Startup: Microsoft Office Fast Start.lnk = C:\WINDOWS\MM2ENT.EXE
O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .au/search?q=birds+licenses++&ie=ISO-8859-1&hl=en&btnI=I'm+Feeling+Lucky&meta=cr=countryAU: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .tga: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin5.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.exe
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\PROGRAM FILES\SUPERANTISPYWARE\SASWINLO.DLL
O24 - Desktop Component 0: (no name) - file:///C:/My%20Documents/My%20Received%20Files/spidy.gif

--
End of file - 9308 bytes


Thanks, the computer is running fine now.

-mandy-83
2008-11-28, 13:23
When Windows starts up it starts searching for a missing shortcut for datemanager.

peku006
2008-11-28, 14:11
Hi -mandy-83

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible.
Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing)
O2 - BHO: ynjpmnlqosbvxeoulunj - {7e9c4540-d984-11d7-95ac-444553540000} - C:\WINDOWS\APPLICATION DATA\ISHSBLBOUEE.DLL
O3 - Toolbar: rsswblstntr - {7e9c4541-d984-11d7-95ac-444553540000} - C:\WINDOWS\APPLICATION DATA\ISHSBLBOUEE.DLL
O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [SQUpdatesChecker] C:\Program Files\Sqwire\uc.ex
O4 - HKLM\..\Run: [SQConfigChecker] C:\Program Files\Sqwire\cc.exe
O4 - HKLM\..\Run: [eaboush] C:\WINDOWS\APPLIC~1\strprlyn.exe -QuieT
O4 - HKLM\..\Run: [win32info] c:\windows\system\win32info.exe /noconnect
O4 - HKLM\..\Run: [Norton Antivirus AV] C:\WINDOWS\FVProtect.exe
O4 - .DEFAULT Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe (User 'Default user')
O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe

Now close all windows other than HiJackThis, then click Fix Checked

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of System Folders' is checked.

Reboot into safe mode.

As soon as your screen goes black after restarting, hold down the F8 key. After a bit, the computer will probably start to beep. At that point, release the F8 key. Eventually, you'll see a menu of choices. Pick Safe Mode.

If that doesn't work, restart and try holding down the Ctrl key when your computer starts. You may see keyboard error messages; ignore them. Hold the Ctrl key down until you see a startup menu.

Please remove these entries from Add/Remove Programs in the Control Panel (if present):

DownloadWare
Sqwire
Date Manager

Please delete these folders using Windows Explorer (if present):

C:\Program Files\DownloadWare
C:\Program Files\Sqwire
C:\Program Files\Date Manager

Please delete these files using Windows Explorer (if present):

C:\WINDOWS\APPLICATION DATA\ISHSBLBOUEE.DLL
C:\windows\system\win32info.exe
C:\WINDOWS\APPLICATION DATA\strprlyn.exe
C:\WINDOWS\FVProtect.exe

After that, Reboot.

With that done, please post back with a fresh HiJackThis log. Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.

Thanks peku006

-mandy-83
2008-11-30, 07:53
:bighug:
The computer is still running fine and no longer starts searching for the missing shortcut for date manager. I had no problems at all with your instructions, I am also very grateful for all your time and help. Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:31:46 PM, on 11/30/08
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\COMMON FILES\NOKIA\NCLTOOLS\NCLTRAY.EXE
C:\WINDOWS\MOTOROLA\SMSERIAL\SM56HLPR.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 98\DMHKEY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\COMMON FILES\NOKIA\SERVICES\SERVICELAYER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.linksummary.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
R3 - Default URLSearchHook is missing
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.2607.0\MSGR.EN-US.EN-AU\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DataLayer] c:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] c:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Norton Antivirus AV] C:\WINDOWS\FVProtect.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [SUPERAntiSpyware] C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE (User 'Default user')
O4 - .DEFAULT Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 98\DMHKEY.EXE (User 'Default user')
O4 - .DEFAULT Startup: Microsoft Office Fast Start.lnk = C:\WINDOWS\MM2ENT.EXE (User 'Default user')
O4 - .DEFAULT Startup: PowerReg Scheduler.exe (User 'Default user')
O4 - Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 98\DMHKEY.EXE
O4 - Startup: Microsoft Office Fast Start.lnk = C:\WINDOWS\MM2ENT.EXE
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .au/search?q=birds+licenses++&ie=ISO-8859-1&hl=en&btnI=I'm+Feeling+Lucky&meta=cr=countryAU: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .tga: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin5.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.exe
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\PROGRAM FILES\SUPERANTISPYWARE\SASWINLO.DLL
O24 - Desktop Component 0: (no name) - file:///C:/My%20Documents/My%20Received%20Files/spidy.gif

--
End of file - 7981 bytes

peku006
2008-11-30, 10:27
Hi -mandy-83

You're running Windows 98, and that platform is no longer supported by MS and will not be updated.
I strongly suggest you upgrade to Win XP.

Read here for more info

End of support for Windows 98, Windows Me (http://www.microsoft.com/windows/support/endofsupport.mspx)

How to prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below:


O4 - HKLM\..\Run: [Norton Antivirus AV] C:\WINDOWS\FVProtect.exe
O4 - Startup: PowerReg Scheduler.exe

Now close all windows other than HiJackThis, then click Fix Checked

Please post back with a fresh HiJackThis log.

Thanks peku006
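An added example, not part of the original thread or of HijackThis itself: a small Python check that compares a helper's fix list with the follow-up log and reports entries that were supposed to be fixed but are still present, which is how the FVProtect.exe Run entry above shows up again. The function names are hypothetical, and the two sample strings are short excerpts of lines already posted in this thread.

```python
import re

# A HijackThis entry line looks like "<section> - <details>",
# e.g. "O4 - HKLM\..\Run: [name] path". Sections are R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}|F[0-3]|N[1-4])\s+-\s+(.*\S)\s*$")


def parse_entries(text):
    """Return {normalised key: original line} for every HijackThis entry line."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list, blank line or forum prose
        section, rest = m.groups()
        # Windows paths are case-insensitive, and forum copy/paste can change
        # spacing, so compare on a lower-cased, whitespace-collapsed form.
        key = (section, re.sub(r"\s+", " ", rest).lower())
        entries[key] = line.strip()
    return entries


def surviving_entries(fix_list, fresh_log):
    """Entries from the fix list that still appear in the fresh log."""
    fixed = parse_entries(fix_list)
    fresh = parse_entries(fresh_log)
    return [fixed[k] for k in fixed if k in fresh]


# Excerpt of the first fix list posted in this thread.
FIX_LIST = r"""
O4 - HKLM\..\Run: [SQConfigChecker] C:\Program Files\Sqwire\cc.exe
O4 - HKLM\..\Run: [win32info] c:\windows\system\win32info.exe /noconnect
O4 - HKLM\..\Run: [Norton Antivirus AV] C:\WINDOWS\FVProtect.exe
O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
"""

# Excerpt of the follow-up log posted after the fix.
FRESH_LOG = r"""
Boot mode: Normal
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [Norton Antivirus AV] C:\WINDOWS\FVProtect.exe
O4 - Startup: PowerReg Scheduler.exe
"""

if __name__ == "__main__":
    for entry in surviving_entries(FIX_LIST, FRESH_LOG):
        print("still present after fix:", entry)
```

An entry that reappears after "Fix Checked" usually means the file it points to was still on disk or running when the registry value was removed, so the file deletion step and the follow-up log both matter.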

tashi
2008-12-05, 00:46
This topic has been archived due to inactivity.

As it has been five days or more since your last post, and your helper posted a response to which you did not reply, this topic has been archived and will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread.

Applies only to the original poster; anyone else with similar problems, please start a new topic.

Thank you peku006. :)