Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: Help me

  1. #1
    Junior Member
    Join Date
    Nov 2008
    Posts
    9

    Exclamation Help me

    Can somebody please help me? I found this and am not sure what to do about it. Can i fix this?
    Thanks
    Xupiter.Sqwire: [SBI $84BD0F3D] Executable (File, nothing done)
    C:\WINDOWS\Downloaded Program Files\SQInstaller.exe

    Xupiter.Sqwire: [SBI $C17D134A] Library (File, nothing done)
    C:\Program Files\Sqwire\s.dll

    Xupiter.Sqwire: [SBI $DC7823F2] Library (File, nothing done)
    C:\Program Files\Sqwire\t.dll

    Xupiter.Sqwire: [SBI $1724F057] Library (File, nothing done)
    C:\Program Files\Sqwire\u.dll

    Xupiter.Sqwire: [SBI $E32D9785] Autorun settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SQUpdatesChecker

    Xupiter.Sqwire: [SBI $A84E29F8] Autorun settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SQConfigChecker

    Xupiter.Sqwire: [SBI $639BF6BE] Search hook (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\{6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB}
    Xupiter.Sqwire: [SBI $28CC686B] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\SQ\AID

    Xupiter.Sqwire: [SBI $20F91614] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\SQ\Check CFG At

    Xupiter.Sqwire: [SBI $1D9A32A7] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\SQ\Check Updates At

    Xupiter.Sqwire: [SBI $F669F27D] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\SQ\CustomizeSearch

    Xupiter.Sqwire: [SBI $E006F1C9] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\SQ\DOMAIN

    Xupiter.Sqwire: [SBI $ABB3DD02] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\SQ\Download:SQCampaign.dat

    Xupiter.Sqwire: [SBI $E84DD4A9] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\SQ\Download:SQDesktop.dat

    Xupiter.Sqwire: [SBI $F6C12EBF] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\SQ\Download:SQMenu.dat

    Xupiter.Sqwire: [SBI $6C93B23F] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\SQ\Download:SQUpdate.dat

    Xupiter.Sqwire: [SBI $73C3E21C] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\SQ\Download:SQUpdatesChecker

    Xupiter.Sqwire: [SBI $EA233170] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\SQ\Feedback:install

    Xupiter.Sqwire: [SBI $32424738] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\SQ\Homepage

    Xupiter.Sqwire: [SBI $99963767] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\SQ\Installation Folder

    Xupiter.Sqwire: [SBI $902A6DB7] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\SQ\SearchAssistant

    Xupiter.Sqwire: [SBI $D2DCF77F] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\SQ\SID

    Xupiter.Sqwire: [SBI $56745507] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\SQ\ACCEPT

    Xupiter.Sqwire: [SBI $0D766F05] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\SQ\Download:SQInstaller

    Xupiter.Sqwire: [SBI $E4ACF398] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\SQ\Exes List

    Xupiter.Sqwire: [SBI $78B40ECC] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\SQ\Feedback:download

    Xupiter.Sqwire: [SBI $ECB69883] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\SQ\Icons List

    Xupiter.Sqwire: [SBI $57F4C59D] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\SQ\IE Activity

    Xupiter.Sqwire: [SBI $D558BE2F] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\SQ\Links List

    Xupiter.Sqwire: [SBI $F547A5E6] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\SQ\OLD_SEARCH_HOOKS_CURRENT

    Xupiter.Sqwire: [SBI $665A3110] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\SQ\SQTempFolder

    Xupiter.Sqwire: [SBI $299DE488] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\SQ\Updates List

    Xupiter.Sqwire: [SBI $6856FB1B] Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{D686DB39-659A-491A-A35C-60B99495C16E}

    Xupiter.Sqwire: [SBI $3AD6F68C] Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SQToolbar.Band

    Xupiter.Sqwire: [SBI $3AD6F68C] Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SQToolbar.Band.1

    Xupiter.Sqwire: [SBI $A8792D8F] Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XTSearch.XTSearchHook

    Xupiter.Sqwire: [SBI $A8792D8F] Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XTSearch.XTSearchHook.1

    Xupiter.Sqwire: [SBI $4ACA6649] IE toolbar (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{57E69D5A-6539-4d7d-9637-775DE8A385B4}

    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)


    Xupiter.Sqwire: Bookmark (Opera 7+: Default) (Bookmark, nothing done)

  2. #2
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hello and Welcome to the forums!

    My name is peku006 and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:

    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.
    • Please continue to respond until I give you the "All Clear"

    If you follow these instructions, everything should go smoothly.

    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Doubleclick on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  3. #3
    Junior Member
    Join Date
    Nov 2008
    Posts
    9

    Default mandy-help me

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:27:01 PM, on 11/22/08
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\PROGRAM FILES\COMMON FILES\NOKIA\NCLTOOLS\NCLTRAY.EXE
    C:\WINDOWS\SYSTEM\NFOMON\NFOMON.EXE
    C:\WINDOWS\SYSTEM\VIDMON\VIDMON.EXE
    C:\WINDOWS\MOTOROLA\SMSERIAL\SM56HLPR.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
    C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 98\DMHKEY.EXE
    C:\PROGRAM FILES\DATE MANAGER\DATEMANAGER.EXE
    C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
    C:\PROGRAM FILES\COMMON FILES\NOKIA\SERVICES\SERVICELAYER.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.linksummary.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.linksummary.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
    R3 - URLSearchHook: (no name) - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing)
    O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL
    O2 - BHO: ynjpmnlqosbvxeoulunj - {7e9c4540-d984-11d7-95ac-444553540000} - C:\WINDOWS\APPLICATION DATA\ISHSBLBOUEE.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: (no name) - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - (no file)
    O3 - Toolbar: rsswblstntr - {7e9c4541-d984-11d7-95ac-444553540000} - C:\WINDOWS\APPLICATION DATA\ISHSBLBOUEE.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.2607.0\MSGR.EN-US.EN-AU\MSNTB.DLL
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H
    O4 - HKLM\..\Run: [SQUpdatesChecker] C:\Program Files\Sqwire\uc.exe
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [SQConfigChecker] C:\Program Files\Sqwire\cc.exe
    O4 - HKLM\..\Run: [eaboush] C:\WINDOWS\APPLIC~1\strprlyn.exe -QuieT
    O4 - HKLM\..\Run: [win32info] c:\windows\system\win32info.exe /noconnect
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Norton Antivirus AV] C:\WINDOWS\FVProtect.exe
    O4 - HKLM\..\Run: [DataLayer] c:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
    O4 - HKLM\..\Run: [Nokia Tray Application] c:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
    O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\SYSTEM\nfomon\nfomon.exe
    O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\SYSTEM\VIDMON\VIDMON.EXE
    O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [Hotbar] C:\PROGRAM FILES\HOTBAR\BIN\4.3.5.0\HBINST.EXE /Upgrade
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Default user')
    O4 - .DEFAULT Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 98\DMHKEY.EXE (User 'Default user')
    O4 - .DEFAULT Startup: Microsoft Office Fast Start.lnk = C:\WINDOWS\MM2ENT.EXE (User 'Default user')
    O4 - .DEFAULT Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe (User 'Default user')
    O4 - .DEFAULT Startup: PowerReg Scheduler.exe (User 'Default user')
    O4 - Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 98\DMHKEY.EXE
    O4 - Startup: Microsoft Office Fast Start.lnk = C:\WINDOWS\MM2ENT.EXE
    O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
    O4 - Startup: PowerReg Scheduler.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .au/search?q=birds+licenses++&ie=ISO-8859-1&hl=en&btnI=I'm+Feeling+Lucky&meta=cr=countryAU: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .tga: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin5.dll
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://203.166.19.20/quickdl/proclaim/NSupd9x.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...tup1.0.0.5.exe
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O24 - Desktop Component 0: (no name) - file:///C:/My%20Documents/My%20Received%20Files/spidy.gif

    --
    End of file - 9614 bytes

    Thanks

  4. #4
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi -mandy-83

    1 - Download and Run Malwarebytes' Anti-Malware
    Please download Malwarebytes Anti-Malware and save it to your desktop.
    alternate download link 1
    alternate download link 2

    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
    • Then click Finish.

    MBAM will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself.
    • Press the OK button to close that box and continue.
    • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

    On the Scanner tab:
    • Make sure the "Perform full scan" option is selected.
    • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.

    Back at the main Scanner screen:
    • Click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • The log can also be found here:

      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    • Copy and paste the contents of that report in your next reply and exit MBAM.


    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


    2 - download and run RSIT

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt<- (will be maximized) and info.txt<- (will be minimized)


    3 - Status Check
    Please reply with

    1.the logs from RSIT (log.txt ,info.txt)
    2. the Malwarebytes' Anti-Malware Log

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  5. #5
    Junior Member
    Join Date
    Nov 2008
    Posts
    9

    Default help me

    Hi i am having a problem, i downloaded Malwarebytes' Anti-Malware but i cannot install it because i only have windows 98 second edition but windows nt 4.0 or later is required. Is there anything else i can do?

  6. #6
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi -mandy-83

    Please download and run RSIT
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  7. #7
    Junior Member
    Join Date
    Nov 2008
    Posts
    9

    Default help me


    Hi thanks for all your help. I downloaded RSIT to my desktop but it won't even open.

  8. #8
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi -mandy-83

    Post Uninstall list

    1. Open HijackThis.
    2. Click on the Open the Misc Tools section button.
    3. Look under System tools.
    4. Click on the Open Uninstall Manager... button.
    5. Click on the Save list... button.
    6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
    7. Notepad will open. Please post this log in your next reply.
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  9. #9
    Junior Member
    Join Date
    Nov 2008
    Posts
    9

    Default


    Adobe Acrobat 5.0
    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    America Online
    AOL Coach Version 1.0(Build:20011028.1)
    b3d Projector
    Date Manager
    Enhanced MediaLoads
    HijackThis 2.0.2
    JumpStart Artist
    LiveReg (Symantec Corporation)
    LiveUpdate 1.6 (Symantec Corporation)
    LiveUpdate 1.80 (Symantec Corporation)
    MediaLoads Installer
    Messenger Plus!
    Microsoft Encarta 98 Encyclopedia
    Microsoft Internet Explorer 6 SP1 and Internet Tools
    Microsoft Office
    Microsoft Windows 98 Starts Here
    Motorola SM56 Modem uninstall
    Mr. Potato Head Uninstaller
    MSN Messenger 6.0
    MSN Messenger 7.0
    MSN Toolbar
    Network Play System (Patching)
    Norton AntiVirus 2001
    NTI CD-Maker 2000 Plus
    NTI DriveBackup!
    NTI FileCD
    Oozic Player
    Opera 9.25
    Pac-Man Adventures in Time
    QuickTime
    RealPlayer Basic
    RollerCoaster Tycoon
    SimPark
    Spybot - Search & Destroy
    Theme Park World
    Uninstall InControl Tools 98
    Viewpoint Media Player (Remove Only)
    WebDP 2.07
    win32info
    Windows tools by Hotbar

    Thanks

  10. #10
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi -mandy-83

    PLEASE DOWNLOAD AND RUN SUPERANTISPYWARE

    Please download SUPERAntiSpyware Home Edition (free)

    Install it and double-click the icon on your desktop to run it.
    It will ask if you want to update the program definitions. Click Yes.
    Under Configuration and Preferences, click the Preferences button.
    Click the Scanning Control tab.
    Under Scanner Options make sure the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining.
    • Ignore System Restore/Volume Information on ME and XP
    • Please leave the others unchecked.
    • Click the Close button to leave the control center screen.

    On the main screen, under Scan for Harmful Software, click Scan your computer.
    On the left check C:\Fixed Drive.
    On the right, under Complete Scan, choose Perform Complete Scan.
    Click Next to start the scan. Please be patient while it scans your computer.
    After the scan is complete a summary box will appear. Click OK.
    Make sure everything in the white box has a check next to it, then click Next.
    It will quarantine what it found and if it asks if you want to reboot, click Yes.

    To retrieve the removal information - please do the following:
    • After reboot, double-click the SUPERAntispyware icon on your desktop.
    • Click Preferences . Click the Statistics/Logs tab .
    • Under Scanner Logs , double-click SUPERAntiSpyware Scan Log .
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Please highlight everything , then right-click and choose copy.
    • Click close and close again to exit the program.

    Paste the Super Antispyware log here.
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •