-
Help me
Can somebody please help me? I found this and am not sure what to do about it. Can I fix this?
Thanks
Xupiter.Sqwire: [SBI $84BD0F3D] Executable (File, nothing done)
C:\WINDOWS\Downloaded Program Files\SQInstaller.exe
Xupiter.Sqwire: [SBI $C17D134A] Library (File, nothing done)
C:\Program Files\Sqwire\s.dll
Xupiter.Sqwire: [SBI $DC7823F2] Library (File, nothing done)
C:\Program Files\Sqwire\t.dll
Xupiter.Sqwire: [SBI $1724F057] Library (File, nothing done)
C:\Program Files\Sqwire\u.dll
Xupiter.Sqwire: [SBI $E32D9785] Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SQUpdatesChecker
Xupiter.Sqwire: [SBI $A84E29F8] Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SQConfigChecker
Xupiter.Sqwire: [SBI $639BF6BE] Search hook (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\{6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB}
Xupiter.Sqwire: [SBI $28CC686B] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\AID
Xupiter.Sqwire: [SBI $20F91614] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Check CFG At
Xupiter.Sqwire: [SBI $1D9A32A7] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Check Updates At
Xupiter.Sqwire: [SBI $F669F27D] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\CustomizeSearch
Xupiter.Sqwire: [SBI $E006F1C9] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\DOMAIN
Xupiter.Sqwire: [SBI $ABB3DD02] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Download:SQCampaign.dat
Xupiter.Sqwire: [SBI $E84DD4A9] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Download:SQDesktop.dat
Xupiter.Sqwire: [SBI $F6C12EBF] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Download:SQMenu.dat
Xupiter.Sqwire: [SBI $6C93B23F] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Download:SQUpdate.dat
Xupiter.Sqwire: [SBI $73C3E21C] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Download:SQUpdatesChecker
Xupiter.Sqwire: [SBI $EA233170] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Feedback:install
Xupiter.Sqwire: [SBI $32424738] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Homepage
Xupiter.Sqwire: [SBI $99963767] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Installation Folder
Xupiter.Sqwire: [SBI $902A6DB7] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\SearchAssistant
Xupiter.Sqwire: [SBI $D2DCF77F] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\SID
Xupiter.Sqwire: [SBI $56745507] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\ACCEPT
Xupiter.Sqwire: [SBI $0D766F05] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Download:SQInstaller
Xupiter.Sqwire: [SBI $E4ACF398] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Exes List
Xupiter.Sqwire: [SBI $78B40ECC] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Feedback:download
Xupiter.Sqwire: [SBI $ECB69883] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Icons List
Xupiter.Sqwire: [SBI $57F4C59D] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\IE Activity
Xupiter.Sqwire: [SBI $D558BE2F] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Links List
Xupiter.Sqwire: [SBI $F547A5E6] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\OLD_SEARCH_HOOKS_CURRENT
Xupiter.Sqwire: [SBI $665A3110] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\SQTempFolder
Xupiter.Sqwire: [SBI $299DE488] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\SQ\Updates List
Xupiter.Sqwire: [SBI $6856FB1B] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{D686DB39-659A-491A-A35C-60B99495C16E}
Xupiter.Sqwire: [SBI $3AD6F68C] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SQToolbar.Band
Xupiter.Sqwire: [SBI $3AD6F68C] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SQToolbar.Band.1
Xupiter.Sqwire: [SBI $A8792D8F] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XTSearch.XTSearchHook
Xupiter.Sqwire: [SBI $A8792D8F] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XTSearch.XTSearchHook.1
Xupiter.Sqwire: [SBI $4ACA6649] IE toolbar (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{57E69D5A-6539-4d7d-9637-775DE8A385B4}
Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)
-
Hello and Welcome to the forums!
My name is peku006 and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
- If you don't know, stop and ask! Don't keep going on.
- Please reply to this thread. Do not start a new topic.
- Please continue to respond until I give you the "All Clear"
If you follow these instructions, everything should go smoothly.
Click here to download HJTInstall.exe
- Save HJTInstall.exe to your desktop.
- Double-click on the HJTInstall.exe icon on your desktop.
- By default it will install to C:\Program Files\Trend Micro\HijackThis.
- Click on Install.
- It will create a HijackThis icon on the desktop.
- Once installed, it will launch Hijackthis.
- Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
- Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
- Come back here to this thread and Paste the log in your next reply.
- DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
- DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
Thanks peku006
-
mandy-help me
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:01 PM, on 11/22/08
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\COMMON FILES\NOKIA\NCLTOOLS\NCLTRAY.EXE
C:\WINDOWS\SYSTEM\NFOMON\NFOMON.EXE
C:\WINDOWS\SYSTEM\VIDMON\VIDMON.EXE
C:\WINDOWS\MOTOROLA\SMSERIAL\SM56HLPR.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 98\DMHKEY.EXE
C:\PROGRAM FILES\DATE MANAGER\DATEMANAGER.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\COMMON FILES\NOKIA\SERVICES\SERVICELAYER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R3 - URLSearchHook: (no name) - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing)
O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL
O2 - BHO: ynjpmnlqosbvxeoulunj - {7e9c4540-d984-11d7-95ac-444553540000} - C:\WINDOWS\APPLICATION DATA\ISHSBLBOUEE.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: (no name) - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - (no file)
O3 - Toolbar: rsswblstntr - {7e9c4541-d984-11d7-95ac-444553540000} - C:\WINDOWS\APPLICATION DATA\ISHSBLBOUEE.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.2607.0\MSGR.EN-US.EN-AU\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [SQUpdatesChecker] C:\Program Files\Sqwire\uc.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [SQConfigChecker] C:\Program Files\Sqwire\cc.exe
O4 - HKLM\..\Run: [eaboush] C:\WINDOWS\APPLIC~1\strprlyn.exe -QuieT
O4 - HKLM\..\Run: [win32info] c:\windows\system\win32info.exe /noconnect
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Norton Antivirus AV] C:\WINDOWS\FVProtect.exe
O4 - HKLM\..\Run: [DataLayer] c:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] c:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\SYSTEM\nfomon\nfomon.exe
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\SYSTEM\VIDMON\VIDMON.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Hotbar] C:\PROGRAM FILES\HOTBAR\BIN\4.3.5.0\HBINST.EXE /Upgrade
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Default user')
O4 - .DEFAULT Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 98\DMHKEY.EXE (User 'Default user')
O4 - .DEFAULT Startup: Microsoft Office Fast Start.lnk = C:\WINDOWS\MM2ENT.EXE (User 'Default user')
O4 - .DEFAULT Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe (User 'Default user')
O4 - .DEFAULT Startup: PowerReg Scheduler.exe (User 'Default user')
O4 - Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 98\DMHKEY.EXE
O4 - Startup: Microsoft Office Fast Start.lnk = C:\WINDOWS\MM2ENT.EXE
O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .au/search?q=birds+licenses++&ie=ISO-8859-1&hl=en&btnI=I'm+Feeling+Lucky&meta=cr=countryAU: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .tga: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin5.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://203.166.19.20/quickdl/proclaim/NSupd9x.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...tup1.0.0.5.exe
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O24 - Desktop Component 0: (no name) - file:///C:/My%20Documents/My%20Received%20Files/spidy.gif
--
End of file - 9614 bytes
Thanks
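Added example (not part of the original posts): a Python sketch that cross-references the registry paths in the Spybot report with the HijackThis log, so entries both tools agree on stand apart from entries that are merely stale. The sample lines are excerpts of the logs posted above; the function names and reason labels are this example's own.

```python
import re

# Excerpts of the two logs posted in this thread (a few lines from each).
SPYBOT_REPORT = r"""
Xupiter.Sqwire: [SBI $E32D9785] Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SQUpdatesChecker
Xupiter.Sqwire: [SBI $A84E29F8] Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SQConfigChecker
Xupiter.Sqwire: [SBI $639BF6BE] Search hook (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\{6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB}
Xupiter.Sqwire: [SBI $4ACA6649] IE toolbar (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{57E69D5A-6539-4d7d-9637-775DE8A385B4}
"""

HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R3 - URLSearchHook: (no name) - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing)
O3 - Toolbar: (no name) - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SQUpdatesChecker] C:\Program Files\Sqwire\uc.exe
O4 - HKLM\..\Run: [SQConfigChecker] C:\Program Files\Sqwire\cc.exe
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HJT_LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")       # e.g. "O4 - ..."
RUN_NAME_RE = re.compile(r"Run(?:Services)?: \[([^\]]+)\]")  # autorun value name


def spybot_indicators(report):
    """Collect CLSIDs and Run value names from the registry paths Spybot listed."""
    guids, run_names = set(), set()
    for line in report.splitlines():
        line = line.strip()
        if not line.upper().startswith("HKEY_"):
            continue  # detection header line, not a registry path
        guids.update(g.upper() for g in GUID_RE.findall(line))
        head, _, leaf = line.rpartition("\\")
        if head.upper().endswith("\\CURRENTVERSION\\RUN"):
            run_names.add(leaf.lower())
    return guids, run_names


def triage_hjt(log, guids, run_names):
    """Return (section, reasons, entry) for HijackThis lines worth a closer look."""
    findings = []
    for raw in log.splitlines():
        m = HJT_LINE_RE.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        reasons = []
        if any(g.upper() in guids for g in GUID_RE.findall(body)):
            reasons.append("clsid-in-spybot-report")
        run = RUN_NAME_RE.search(body)
        if section == "O4" and run and run.group(1).lower() in run_names:
            reasons.append("run-value-in-spybot-report")
        if body.endswith(("(no file)", "(file missing)")):
            reasons.append("orphaned-entry")  # registry entry without its file
        if reasons:
            findings.append((section, tuple(reasons), body))
    return findings


if __name__ == "__main__":
    guids, runs = spybot_indicators(SPYBOT_REPORT)
    for section, reasons, body in triage_hjt(HJT_LOG, guids, runs):
        print(f"{section:3} {', '.join(reasons):40} {body}")
```

An entry flagged only as `orphaned-entry`, such as the Acrobat BHO, is not corroborated by the Spybot report, which is why the two reason labels are kept separate.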
-
Hi -mandy-83
1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
- Double-click on Download_mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
- Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
- If an update is found, the program will automatically update itself.
- Press the OK button to close that box and continue.
- If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
- Make sure the "Perform full scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
- Click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
- Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
2 - Download and Run RSIT
- Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
- Double click on RSIT.exe to run RSIT.
- Click Continue at the disclaimer screen.
- Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).
3 - Status Check
Please reply with
1. the logs from RSIT (log.txt, info.txt)
2. the Malwarebytes' Anti-Malware Log
Thanks peku006
-
help me
Hi, I am having a problem. I downloaded Malwarebytes' Anti-Malware but I cannot install it because I only have Windows 98 Second Edition, but Windows NT 4.0 or later is required. Is there anything else I can do?
-
Hi -mandy-83
Please download and run RSIT
-
help me
Hi, thanks for all your help. I downloaded RSIT to my desktop but it won't even open.
-
Hi -mandy-83
Post Uninstall list
- Open HijackThis.
- Click on the Open the Misc Tools section button.
- Look under System tools.
- Click on the Open Uninstall Manager... button.
- Click on the Save list... button.
- It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
- Notepad will open. Please post this log in your next reply.
-
Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
America Online
AOL Coach Version 1.0(Build:20011028.1)
b3d Projector
Date Manager
Enhanced MediaLoads
HijackThis 2.0.2
JumpStart Artist
LiveReg (Symantec Corporation)
LiveUpdate 1.6 (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
MediaLoads Installer
Messenger Plus!
Microsoft Encarta 98 Encyclopedia
Microsoft Internet Explorer 6 SP1 and Internet Tools
Microsoft Office
Microsoft Windows 98 Starts Here
Motorola SM56 Modem uninstall
Mr. Potato Head Uninstaller
MSN Messenger 6.0
MSN Messenger 7.0
MSN Toolbar
Network Play System (Patching)
Norton AntiVirus 2001
NTI CD-Maker 2000 Plus
NTI DriveBackup!
NTI FileCD
Oozic Player
Opera 9.25
Pac-Man Adventures in Time
QuickTime
RealPlayer Basic
RollerCoaster Tycoon
SimPark
Spybot - Search & Destroy
Theme Park World
Uninstall InControl Tools 98
Viewpoint Media Player (Remove Only)
WebDP 2.07
win32info
Windows tools by Hotbar
Thanks
-
Hi -mandy-83
PLEASE DOWNLOAD AND RUN SUPERANTISPYWARE
Please download SUPERAntiSpyware Home Edition (free)
Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions. Click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
- Close browsers before scanning
- Scan for tracking cookies
- Terminate memory threats before quarantining.
- Ignore System Restore/Volume Information on ME and XP
- Please leave the others unchecked.
- Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software, click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information - please do the following:
- After reboot, double-click the SUPERAntispyware icon on your desktop.
- Click Preferences. Click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- It will open in your default text editor (such as Notepad/Wordpad).
- Please highlight everything, then right-click and choose copy.
- Click close and close again to exit the program.
Paste the Super Antispyware log here.