Page 2 of 2 FirstFirst 12
Results 11 to 18 of 18

Thread: Help me

  1. #11
    Junior Member
    Join Date
    Nov 2008
    Posts
    9

    Default


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/28/2008 at 03:49 PM

    Application Version : 4.22.1014

    Core Rules Database Version : 3654
    Trace Rules Database Version: 1636

    Scan type : Complete Scan
    Total Scan Time : 00:44:38

    Memory items scanned : 180
    Memory threats detected : 3
    Registry items scanned : 2131
    Registry threats detected : 301
    File items scanned : 31429
    File threats detected : 226

    Adware.DelFin Project
    C:\WINDOWS\SYSTEM\NFOMON\NFOMON.EXE
    C:\WINDOWS\SYSTEM\NFOMON\NFOMON.EXE
    C:\WINDOWS\SYSTEM\VIDMON\VIDMON.EXE
    C:\WINDOWS\SYSTEM\VIDMON\VIDMON.EXE
    [Nfo] C:\WINDOWS\SYSTEM\NFOMON\NFOMON.EXE
    [vidmon] C:\WINDOWS\SYSTEM\VIDMON\VIDMON.EXE
    C:\PROGRAM FILES\COMMON FILES\UNINSTALL INFORMATION\REMOVEWEBDP.EXE

    DateManager
    C:\PROGRAM FILES\DATE MANAGER\DATEMANAGER.EXE
    C:\PROGRAM FILES\DATE MANAGER\DATEMANAGER.EXE

    Adware.HotBar (Low Risk)
    [Hotbar] C:\PROGRAM FILES\HOTBAR\BIN\4.3.5.0\HBINST.EXE
    C:\PROGRAM FILES\HOTBAR\BIN\4.3.5.0\HBINST.EXE
    C:\WINDOWS\SYSTEM\HBINST.EXE
    C:\PROGRAM FILES\HOTBAR\BIN\HBINST.EXE

    Adware.MediaLoads
    HKLM\Software\Classes\CLSID\{85A702BA-EA8F-4B83-AA07-07A5186ACD7E}
    HKCR\CLSID\{85A702BA-EA8F-4B83-AA07-07A5186ACD7E}
    HKCR\CLSID\{85A702BA-EA8F-4B83-AA07-07A5186ACD7E}
    HKCR\CLSID\{85A702BA-EA8F-4B83-AA07-07A5186ACD7E}\ProgID
    HKCR\CLSID\{85A702BA-EA8F-4B83-AA07-07A5186ACD7E}\VersionIndependentProgID
    HKCR\CLSID\{85A702BA-EA8F-4B83-AA07-07A5186ACD7E}\Programmable
    HKCR\CLSID\{85A702BA-EA8F-4B83-AA07-07A5186ACD7E}\InprocServer32
    HKCR\CLSID\{85A702BA-EA8F-4B83-AA07-07A5186ACD7E}\InprocServer32#ThreadingModel
    HKCR\CLSID\{85A702BA-EA8F-4B83-AA07-07A5186ACD7E}\TypeLib
    HKCR\MP.MediaPops.1
    HKCR\MP.MediaPops.1\CLSID
    HKCR\MP.MediaPops
    HKCR\MP.MediaPops\CLSID
    HKCR\MP.MediaPops\CurVer
    HKCR\TypeLib\{4767C447-EF15-42F2-8809-68ADB7FA76F1}
    HKCR\TypeLib\{4767C447-EF15-42F2-8809-68ADB7FA76F1}\1.0
    HKCR\TypeLib\{4767C447-EF15-42F2-8809-68ADB7FA76F1}\1.0\FLAGS
    HKCR\TypeLib\{4767C447-EF15-42F2-8809-68ADB7FA76F1}\1.0\0
    HKCR\TypeLib\{4767C447-EF15-42F2-8809-68ADB7FA76F1}\1.0\0\win32
    HKCR\TypeLib\{4767C447-EF15-42F2-8809-68ADB7FA76F1}\1.0\HELPDIR
    C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85A702BA-EA8F-4B83-AA07-07A5186ACD7E}
    HKCR\Interface\{4438A5DC-E00B-41A0-B0E6-B63FD3B86EEE}
    HKCR\Interface\{4438A5DC-E00B-41A0-B0E6-B63FD3B86EEE}\ProxyStubClsid
    HKCR\Interface\{4438A5DC-E00B-41A0-B0E6-B63FD3B86EEE}\ProxyStubClsid32
    HKCR\Interface\{4438A5DC-E00B-41A0-B0E6-B63FD3B86EEE}\TypeLib
    HKCR\Interface\{4438A5DC-E00B-41A0-B0E6-B63FD3B86EEE}\TypeLib#Version

    Adware.Xupiter
    HKLM\Software\Microsoft\Internet Explorer\Toolbar#{57E69D5A-6539-4d7d-9637-775DE8A385B4}
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks#{6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB}

    Trojan.Unclassified-Packed/Suspicious
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}
    HKCR\CLSID\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}
    HKCR\CLSID\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}
    HKCR\CLSID\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}\ProgID
    HKCR\CLSID\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}\VersionIndependentProgID
    HKCR\CLSID\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}\Programmable
    HKCR\CLSID\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}\InprocServer32
    HKCR\CLSID\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}\InprocServer32#ThreadingModel
    HKCR\CLSID\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}\Control
    HKCR\CLSID\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}\Insertable
    HKCR\CLSID\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}\ToolboxBitmap32
    HKCR\CLSID\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}\MiscStatus
    HKCR\CLSID\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}\MiscStatus\1
    HKCR\CLSID\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}\TypeLib
    HKCR\CLSID\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}\Version
    HKCR\NSUpdateLite.NSUpdateLiteCtrl.1
    HKCR\NSUpdateLite.NSUpdateLiteCtrl.1\CLSID
    HKCR\NSUpdateLite.NSUpdateLiteCtrl.1\Insertable
    HKCR\NSUpdateLite.NSUpdateLiteCtrl
    HKCR\NSUpdateLite.NSUpdateLiteCtrl\CLSID
    HKCR\NSUpdateLite.NSUpdateLiteCtrl\CurVer
    HKCR\TypeLib\{DA9A0B0F-9B7B-11D3-B8A4-00C04F79641C}
    HKCR\TypeLib\{DA9A0B0F-9B7B-11D3-B8A4-00C04F79641C}\1.0
    HKCR\TypeLib\{DA9A0B0F-9B7B-11D3-B8A4-00C04F79641C}\1.0\FLAGS
    HKCR\TypeLib\{DA9A0B0F-9B7B-11D3-B8A4-00C04F79641C}\1.0\0
    HKCR\TypeLib\{DA9A0B0F-9B7B-11D3-B8A4-00C04F79641C}\1.0\0\win32
    HKCR\TypeLib\{DA9A0B0F-9B7B-11D3-B8A4-00C04F79641C}\1.0\HELPDIR
    C:\WINDOWS\SYSTEM\NSUPDATE.DLL
    HKCR\Interface\{DA9A0B1F-9B7B-11D3-B8A4-00C04F79641C}
    HKCR\Interface\{DA9A0B1F-9B7B-11D3-B8A4-00C04F79641C}\ProxyStubClsid
    HKCR\Interface\{DA9A0B1F-9B7B-11D3-B8A4-00C04F79641C}\ProxyStubClsid32
    HKCR\Interface\{DA9A0B1F-9B7B-11D3-B8A4-00C04F79641C}\TypeLib
    HKCR\Interface\{DA9A0B1F-9B7B-11D3-B8A4-00C04F79641C}\TypeLib#Version
    HKCR\Interface\{DA9A0B1D-9B7B-11D3-B8A4-00C04F79641C}
    HKCR\Interface\{DA9A0B1D-9B7B-11D3-B8A4-00C04F79641C}\ProxyStubClsid
    HKCR\Interface\{DA9A0B1D-9B7B-11D3-B8A4-00C04F79641C}\ProxyStubClsid32
    HKCR\Interface\{DA9A0B1D-9B7B-11D3-B8A4-00C04F79641C}\TypeLib
    HKCR\Interface\{DA9A0B1D-9B7B-11D3-B8A4-00C04F79641C}\TypeLib#Version

    Adware.Tracking Cookie
    C:\WINDOWS\Cookies\default@videoegg.adbureau[2].txt
    C:\WINDOWS\Cookies\default@specificclick[3].txt
    C:\WINDOWS\Cookies\default@ehg-proflowers.hitbox[2].txt
    C:\WINDOWS\Cookies\default@ads.apn.co[2].txt
    C:\WINDOWS\Cookies\default@ad[1].txt
    C:\WINDOWS\Cookies\default@media.mtvnservices[2].txt
    C:\WINDOWS\Cookies\default@perf.overture[3].txt
    C:\WINDOWS\Cookies\default@www.windowsmedia[1].txt
    C:\WINDOWS\Cookies\default@dcsew60m1oifwznbkznc6j9ix_5x7j[1].txt
    C:\WINDOWS\Cookies\default@realmedia[1].txt
    C:\WINDOWS\Cookies\default@atwola[2].txt
    C:\WINDOWS\Cookies\default@xxxtoolbar[2].txt
    C:\WINDOWS\Cookies\default@myaccount.centrelink.gov[1].txt
    C:\WINDOWS\Cookies\default@0[2].txt
    C:\WINDOWS\Cookies\default@www.teenagehumor[2].txt
    C:\WINDOWS\Cookies\default@dealtime[1].txt
    C:\WINDOWS\Cookies\default@crackle[1].txt
    C:\WINDOWS\Cookies\default@bs.serving-sys[1].txt
    C:\WINDOWS\Cookies\default@tracker.mediatracker.co[1].txt
    C:\WINDOWS\Cookies\default@cassava[1].txt
    C:\WINDOWS\Cookies\default@ads.adsag[1].txt
    C:\WINDOWS\Cookies\default@qksrv[1].txt
    C:\WINDOWS\Cookies\default@2[2].txt
    C:\WINDOWS\Cookies\default@276[2].txt
    C:\WINDOWS\Cookies\default@a.as-us.falkag[2].txt
    C:\WINDOWS\Cookies\default@linksynergy[1].txt
    C:\WINDOWS\Cookies\default@socialmedia[1].txt
    C:\WINDOWS\Cookies\default@script[2].txt
    C:\WINDOWS\Cookies\default@ehg-bskyb.hitbox[2].txt
    C:\WINDOWS\Cookies\default@1070207279[1].txt
    C:\WINDOWS\Cookies\default@zedo[3].txt
    C:\WINDOWS\Cookies\default@ads.pointroll[1].txt
    C:\WINDOWS\Cookies\default@6[1].txt
    C:\WINDOWS\Cookies\default@valueclick[1].txt
    C:\WINDOWS\Cookies\default@0[3].txt
    C:\WINDOWS\Cookies\default@ehg-electricbusiness.hitbox[1].txt
    C:\WINDOWS\Cookies\default@www.popuptraffic[2].txt
    C:\WINDOWS\Cookies\default@www.ezytrack[1].txt
    C:\WINDOWS\Cookies\default@tribalfusion[2].txt
    C:\WINDOWS\Cookies\default@mediaplex[3].txt
    C:\WINDOWS\Cookies\default@2o7[3].txt
    C:\WINDOWS\Cookies\default@tracking.thunderdownloads[2].txt
    C:\WINDOWS\Cookies\default@incentaclick[2].txt
    C:\WINDOWS\Cookies\default@cz6.clickzs[1].txt
    C:\WINDOWS\Cookies\default@www.trafficbeamer[2].txt
    C:\WINDOWS\Cookies\default@websponsors[2].txt
    C:\WINDOWS\Cookies\default@atdmt[1].txt
    C:\WINDOWS\Cookies\default@as-us.falkag[2].txt
    C:\WINDOWS\Cookies\default@clickbank[1].txt
    C:\WINDOWS\Cookies\default@statcounter[4].txt
    C:\WINDOWS\Cookies\default@maxserving[1].txt
    C:\WINDOWS\Cookies\default@ads.x10[1].txt
    C:\WINDOWS\Cookies\default@serving-sys[4].txt
    C:\WINDOWS\Cookies\default@353[1].txt
    C:\WINDOWS\Cookies\default@ehg-attenza.hitbox[2].txt
    C:\WINDOWS\Cookies\default@as1.falkag[2].txt
    C:\WINDOWS\Cookies\default@e-2dj6wflokhcjilo.stats.esomniture[2].txt
    C:\WINDOWS\Cookies\default@www.burstnet[1].txt
    C:\WINDOWS\Cookies\default@stat.dealtime[2].txt
    C:\WINDOWS\Cookies\default@revsci[3].txt
    C:\WINDOWS\Cookies\default@ad.yieldmanager[4].txt
    C:\WINDOWS\Cookies\default@media.sensis.com[2].txt
    C:\WINDOWS\Cookies\default@5[2].txt
    C:\WINDOWS\Cookies\default@overture[4].txt
    C:\WINDOWS\Cookies\default@azjmp[1].txt
    C:\WINDOWS\Cookies\default@bluestreak[2].txt
    C:\WINDOWS\Cookies\default@ehg-dig.hitbox[2].txt
    C:\WINDOWS\Cookies\default@insightfirst[2].txt
    C:\WINDOWS\Cookies\default@fastclick[1].txt
    C:\WINDOWS\Cookies\default@windowsmedia[1].txt
    C:\WINDOWS\Cookies\default@tracking[2].txt
    C:\WINDOWS\Cookies\default@344[1].txt
    C:\WINDOWS\Cookies\default@semdirector.112.2o7[1].txt
    C:\WINDOWS\Cookies\default@burstnet[2].txt
    C:\WINDOWS\Cookies\default@ad.sensismediasmart.com[2].txt
    C:\WINDOWS\Cookies\default@casalemedia[2].txt
    C:\WINDOWS\Cookies\default@adserver.adtechus[1].txt
    C:\WINDOWS\Cookies\default@pacificpoker[3].txt
    C:\WINDOWS\Cookies\default@msnaccountservices.112.2o7[1].txt
    C:\WINDOWS\Cookies\default@etype.adbureau[1].txt
    C:\WINDOWS\Cookies\default@adopt.euroclick[1].txt
    C:\WINDOWS\Cookies\default@www.realcastmedia[1].txt
    C:\WINDOWS\Cookies\default@3684752[2].txt
    C:\WINDOWS\Cookies\default@adserver.news.com[2].txt
    C:\WINDOWS\Cookies\default@adserver.easyad[1].txt
    C:\WINDOWS\Cookies\default@statse.webtrendslive[3].txt
    C:\WINDOWS\Cookies\default@new-pcp[1].txt
    C:\WINDOWS\Cookies\default@optus.112.2o7[1].txt
    C:\WINDOWS\Cookies\default@z1.adserver[1].txt
    C:\WINDOWS\Cookies\default@counter.123counts[1].txt
    C:\WINDOWS\Cookies\default@ads.addynamix[1].txt
    C:\WINDOWS\Cookies\default@hc2.humanclick[1].txt
    C:\WINDOWS\Cookies\default@ad2.pamedia.com[1].txt
    C:\WINDOWS\Cookies\default@trafficvenuedirect[2].txt
    C:\WINDOWS\Cookies\default@apnonline.112.2o7[1].txt
    C:\WINDOWS\Cookies\default@account.live[3].txt
    C:\WINDOWS\Cookies\default@trafficmp[1].txt
    C:\WINDOWS\Cookies\default@cgi-bin[2].txt
    C:\WINDOWS\Cookies\default@adinterax[1].txt
    C:\WINDOWS\Cookies\default@track.adform[2].txt
    C:\WINDOWS\Cookies\default@cz3.clickzs[2].txt
    C:\WINDOWS\Cookies\default@87506651[1].txt
    C:\WINDOWS\Cookies\default@888[1].txt
    C:\WINDOWS\Cookies\default@cgi-bin[1].txt
    C:\WINDOWS\Cookies\default@spylog[2].txt
    C:\WINDOWS\Cookies\default@commission-junction[1].txt
    C:\WINDOWS\Cookies\default@cz8.clickzs[1].txt
    C:\WINDOWS\Cookies\default@advertising[3].txt
    C:\WINDOWS\Cookies\default@counter.hitslink[1].txt
    C:\WINDOWS\Cookies\default@revenue[2].txt
    C:\WINDOWS\Cookies\default@msnportal.112.2o7[4].txt
    C:\WINDOWS\Cookies\default@doubleclick[1].txt
    C:\WINDOWS\Cookies\default@hg1.hitbox[2].txt
    C:\WINDOWS\Cookies\default@mywebsearch[1].txt
    C:\WINDOWS\Cookies\default@ad.trackbar[2].txt
    C:\WINDOWS\Cookies\default@hitbox[1].txt
    C:\WINDOWS\Cookies\default@belnk[1].txt
    C:\WINDOWS\Cookies\default@56081914[2].txt
    C:\WINDOWS\Cookies\default@ad[2].txt
    C:\WINDOWS\Cookies\default@7[2].txt
    C:\WINDOWS\Cookies\default@rocku.adbureau[2].txt
    C:\WINDOWS\Cookies\default@tradedoubler[1].txt
    C:\WINDOWS\Cookies\default@ssm.directtrack[2].txt
    C:\WINDOWS\Cookies\default@1057891207[1].txt
    C:\WINDOWS\Cookies\default@tracking.foxnews[2].txt
    C:\WINDOWS\Cookies\default@mediaonenetwork[2].txt
    C:\WINDOWS\Cookies\default@ehg-groupernetworks.hitbox[1].txt
    C:\WINDOWS\Cookies\default@adbrite[3].txt
    C:\WINDOWS\Cookies\default@ads.contactmusic[2].txt
    C:\WINDOWS\Cookies\default@ehg-nokiafin.hitbox[2].txt
    C:\WINDOWS\Cookies\default@scan.antivirus2008scanner[1].txt
    C:\WINDOWS\Cookies\default@server.cpmstar[2].txt
    C:\WINDOWS\Cookies\default@www.incentaclick[2].txt
    C:\WINDOWS\Cookies\default@adtech[1].txt
    C:\WINDOWS\Cookies\default@edge.ru4[1].txt
    C:\WINDOWS\Cookies\default@1054571031[1].txt
    C:\WINDOWS\Cookies\default@insightexpressai[1].txt
    C:\WINDOWS\Cookies\default@ad.lookery[1].txt
    C:\WINDOWS\Cookies\default@microsoftwlmessengermkt.112.2o7[1].txt
    C:\WINDOWS\Cookies\default@tacoda[2].txt
    C:\WINDOWS\Cookies\default@mansion.122.2o7[1].txt
    C:\WINDOWS\Cookies\default@1070847646[1].txt
    C:\WINDOWS\Cookies\default@ads.cnn[2].txt
    C:\WINDOWS\Cookies\default@directtrack[1].txt
    C:\WINDOWS\Cookies\default@questionmarket[2].txt
    C:\WINDOWS\Cookies\default@network.alluremedia.com[2].txt
    C:\WINDOWS\Cookies\default@ats[1].txt
    C:\WINDOWS\Cookies\default@media6degrees[1].txt
    C:\WINDOWS\Cookies\default@kontera[3].txt
    C:\WINDOWS\Cookies\default@ad.zanox[3].txt
    c:\WINDOWS\Cookies\default@doubleclick[2].txt
    c:\WINDOWS\Cookies\default@mediaplex[1].txt
    c:\WINDOWS\Cookies\default@overture[1].txt
    c:\WINDOWS\Cookies\default@ad.zanox[2].txt
    c:\WINDOWS\Cookies\default@advertising[2].txt
    c:\WINDOWS\Cookies\default@tribalfusion[1].txt
    c:\WINDOWS\Cookies\default@zedo[1].txt
    c:\WINDOWS\Cookies\default@webpdp.gator[1].txt
    c:\WINDOWS\Cookies\default@webpdp.gator[3].txt
    c:\WINDOWS\Cookies\default@webpdp.gator[4].txt
    c:\WINDOWS\Cookies\default@free.pornstarunion[1].txt
    c:\WINDOWS\Cookies\default@media[6].txt
    c:\WINDOWS\Cookies\default@free.pornstarunion[2].txt
    c:\WINDOWS\Cookies\default@trafficmp[4].txt
    c:\WINDOWS\Cookies\default@questionmarket[1].txt
    c:\WINDOWS\Cookies\default@edge.ru4[2].txt
    c:\WINDOWS\Cookies\default@hypertracker[2].txt
    c:\WINDOWS\Cookies\default@www.theteenstar[1].txt
    c:\WINDOWS\Cookies\default@hotlog[1].txt
    c:\WINDOWS\Cookies\default@hitbox[2].txt
    c:\WINDOWS\Cookies\default@ads.specificpop[1].txt
    c:\WINDOWS\Cookies\default@counter13.sextracker[1].txt
    c:\WINDOWS\Cookies\default@webpdp.gator[2].txt
    c:\WINDOWS\Cookies\default@webpdp.gator[5].txt
    c:\WINDOWS\Cookies\default@doubleclick[3].txt
    c:\WINDOWS\Cookies\default@overture[3].txt
    c:\WINDOWS\Cookies\default@perf.overture[1].txt
    c:\WINDOWS\Cookies\default@msnportal.112.2o7[1].txt
    c:\WINDOWS\Cookies\default@adinterax[2].txt
    c:\WINDOWS\Cookies\default@fastclick[2].txt
    c:\WINDOWS\Cookies\default@adopt.euroclick[2].txt
    c:\WINDOWS\Cookies\default@casalemedia[1].txt
    c:\WINDOWS\Cookies\default@2o7[2].txt
    c:\WINDOWS\Cookies\default@accounts[1].txt
    c:\WINDOWS\Cookies\default@msnportal.112.2o7[3].txt
    c:\WINDOWS\Cookies\default@serving-sys[2].txt
    c:\WINDOWS\Cookies\default@specificclick[2].txt
    c:\WINDOWS\Cookies\default@ad.yieldmanager[1].txt
    c:\WINDOWS\Cookies\default@statcounter[1].txt
    c:\WINDOWS\Cookies\default@mediaonenetwork[1].txt
    c:\WINDOWS\Cookies\default@ads.addynamix[2].txt
    c:\WINDOWS\Cookies\default@richmedia.yahoo[1].txt
    c:\WINDOWS\Cookies\default@account.live[2].txt
    c:\WINDOWS\Cookies\default@pacificpoker[1].txt
    c:\WINDOWS\Cookies\default@bs.serving-sys[2].txt
    c:\WINDOWS\Cookies\default@fastclick[3].txt
    c:\WINDOWS\Cookies\default@adserver[1].txt
    c:\WINDOWS\Cookies\default@serving-sys[3].txt
    c:\WINDOWS\Cookies\default@statse.webtrendslive[2].txt
    c:\WINDOWS\Cookies\default@adbrite[2].txt
    c:\WINDOWS\Cookies\default@revsci[1].txt
    c:\WINDOWS\Cookies\default@ad.yieldmanager[3].txt
    c:\WINDOWS\Cookies\default@adopt.euroclick[3].txt
    c:\WINDOWS\Cookies\default@2o7[1].txt
    c:\WINDOWS\Cookies\default@mediaplex[2].txt
    c:\WINDOWS\Cookies\default@socialmedia[2].txt
    c:\WINDOWS\Cookies\default@statcounter[2].txt
    c:\WINDOWS\Cookies\default@mediaonenetwork[3].txt
    c:\WINDOWS\Cookies\default@tribalfusion[3].txt
    c:\WINDOWS\Cookies\default@kontera[2].txt
    c:\WINDOWS\Cookies\default@bs.serving-sys[3].txt

    CommonName Toolbar/Browser Helper Object
    HKCR\CLSID\{00000000-0000-0000-0000-000000000000}
    HKCR\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32
    HKCR\CLSID\{00000000-0000-0000-0000-000000000000}\ProgID

    Adware.WhenU
    HKCR\WUSN.1
    HKCR\WUSN.1#WUSN_Id

    Adware.Cydoor
    HKU\.DEFAULT\Software\Cydoor
    HKLM\Software\Cydoor
    HKLM\Software\Cydoor#AdwrCnt

    Adware.GAIN/Gator
    HKLM\Software\Gator.com
    HKLM\Software\Gator.com\AppInfo
    HKLM\Software\Gator.com\AppInfo\DateManager
    HKLM\Software\Gator.com\AppInfo\DateManager#event
    HKLM\Software\Gator.com\AppInfo\DateManager#timeout_secs_ui
    HKLM\Software\Gator.com\AppInfo\DateManager#timeout_secs_full
    HKLM\Software\Gator.com\AppInfo\DateManager#lockfiles
    HKLM\Software\Gator.com\AppInfo\DateManager#restart
    HKLM\Software\Gator.com\Date Manager
    HKLM\Software\Gator.com\Date Manager#AppPath
    HKLM\Software\Gator.com\Date Manager#LastAutoupdateCall
    HKLM\Software\Gator.com\CMEII
    HKLM\Software\Gator.com\CMEII#AppHist
    HKLM\Software\Gator.com\CMEII#numInst
    HKLM\Software\Gator.com\Gator
    HKLM\Software\Gator.com\Gator\dyn
    HKLM\Software\Gator.com\Gator\dyn\GCH
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#StartTime
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#OldestTime
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#302-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#302-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#302--1
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#303-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#303-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#303--1
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#304-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#304-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#304--1
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#305-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#305-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#305--1
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#306-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#306-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#306--1
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#307-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#307-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#311-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#311-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#312-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#312-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#313-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#313-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#314-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#314-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#314--1
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#315-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#315-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#315--1
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#316-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#316-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#316--1
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#321-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#321-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#321--1
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#322--1
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#322-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#322-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#323-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#323-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#323--1
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#324-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#324-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#324--1
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#326-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#326-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#326--1
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#327-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#327-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#327--1
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#328--1
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#328-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#328-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#329-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#329-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#329--1
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#330-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#330-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#330--1
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#331-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#331-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#331--1
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#332-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#332-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gs#332--1
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatortime
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatortime#StartTime
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatortime#OldestTime
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatortime#346-12007
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatortime#346-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatortime#347-12007
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatortime#347-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatortime#348-200
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatortime#348-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatortime#349-12007
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatortime#349-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatortime#350-12007
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatortime#350-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatorcme
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatorcme#StartTime
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatorcme#OldestTime
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatorcme#300-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatorcme#300-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatorcme#301-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatorcme#301-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatorcme#302-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatorcme#302-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatorcme#302-200
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatorcme#305-200
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatorcme#305-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatorcme#311-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatorcme#311-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatorcme#312-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatorcme#312-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatorcme#313-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatorcme#313-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatorcme#314-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatorcme#314-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatorcme#314-200
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatorcme#321-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatorcme#321-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatorcme#321-200
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatorcme#326-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatorcme#326-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatorcme#326-200
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatorcme#330-12029
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatorcme#330-bytes
    HKLM\Software\Gator.com\Gator\dyn\GCH\_gatorcme#330-200
    HKLM\Software\Gator.com\Gator\dyn\GUS
    HKLM\Software\Gator.com\Gator\stat
    HKLM\Software\Gator.com\Gator\stat#Guid
    HKLM\Software\Gator.com\GInternet
    HKLM\Software\Gator.com\GInternet\Proxy
    HKLM\Software\Gator.com\GInternet\Proxy#Enabled

    Adware.MyWebSearch/FunWebProducts
    HKU\.DEFAULT\SOFTWARE\FunWebProducts
    HKLM\SOFTWARE\FunWebProducts
    HKLM\SOFTWARE\FunWebProducts\Installer
    HKLM\SOFTWARE\FunWebProducts\Installer#Dir
    HKLM\SOFTWARE\FunWebProducts\Installer#CurInstall
    HKLM\SOFTWARE\FunWebProducts\Installer#CheckForConnection
    HKLM\SOFTWARE\FunWebProducts\Installer#CacheDir
    HKLM\SOFTWARE\FunWebProducts\Installer\downloaded
    HKLM\SOFTWARE\FunWebProducts\PopSwatter
    HKLM\SOFTWARE\FunWebProducts\PopSwatter#enabled
    HKLM\SOFTWARE\MyWebSearch
    HKLM\SOFTWARE\MyWebSearch\bar
    HKLM\SOFTWARE\MyWebSearch\bar#pid
    HKLM\SOFTWARE\MyWebSearch\bar#un
    HKLM\SOFTWARE\MyWebSearch\bar#Dir
    HKLM\SOFTWARE\MyWebSearch\bar#CurInstall
    HKLM\SOFTWARE\MyWebSearch\bar#sr
    HKLM\SOFTWARE\MyWebSearch\bar#SettingsDir
    HKLM\SOFTWARE\MyWebSearch\bar#Id
    HKLM\SOFTWARE\MyWebSearch\bar#Build
    HKLM\SOFTWARE\MyWebSearch\bar#CacheDir
    HKLM\SOFTWARE\MyWebSearch\bar#HistoryDir
    HKLM\SOFTWARE\MyWebSearch\bar#Visible
    HKLM\SOFTWARE\MyWebSearch\bar#Maximized
    HKLM\SOFTWARE\MyWebSearch\bar#ConfigRevisionURL
    HKLM\SOFTWARE\MyWebSearch\bar#ConfigDateStamp
    HKLM\SOFTWARE\MyWebSearch\SearchAssistant
    HKLM\SOFTWARE\MyWebSearch\SearchAssistant#pid
    HKLM\SOFTWARE\MyWebSearch\SearchAssistant#Dir
    HKLM\SOFTWARE\MyWebSearch\SearchAssistant#CurInstall
    HKLM\SOFTWARE\MyWebSearch\SearchAssistant#sr
    HKLM\SOFTWARE\MyWebSearch\SearchAssistant#Id
    HKLM\SOFTWARE\MyWebSearch\SearchAssistant#CacheDir
    HKLM\SOFTWARE\MyWebSearch\SearchAssistant#ConfigDateStamp
    HKLM\SOFTWARE\MyWebSearch\MWSOEPLG
    HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
    HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs
    HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}
    HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}\TreatAs

    Adware.MyWay
    HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}
    HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0
    HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\FLAGS
    HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\0
    HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\0\win32
    HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\HELPDIR
    HKLM\Software\MyWay
    HKLM\Software\MyWay\myBar
    HKLM\Software\MyWay\myBar#Dir
    HKLM\Software\MyWay\myBar#ShzmCurInstall
    HKLM\Software\MyWay\myBar#pid
    HKLM\Software\MyWay\myBar#CurInstall
    HKLM\Software\MyWay\myBar#sr
    HKLM\Software\MyWay\myBar#pl
    HKLM\Software\MyWay\myBar#Id
    HKLM\Software\MyWay\myBar#Build
    HKLM\Software\MyWay\myBar#CacheDir
    HKLM\Software\MyWay\myBar#HistoryDir
    HKLM\Software\MyWay\myBar#Visible
    HKLM\Software\MyWay\myBar#Maximized
    HKLM\Software\MyWay\myBar#SettingsDir
    HKLM\Software\MyWay\myBar#ConfigRevisionURL
    HKLM\Software\MyWay\myBar#ConfigDateStamp
    HKLM\Software\MyWay\myBar\partner
    HKLM\Software\MyWay\myBar\partner#bitmap
    HKLM\Software\MyWay\myBar\partner#name
    HKLM\Software\MyWay\myBar\partner#test
    HKLM\Software\MyWay\myBar\partner#PM-Home
    HKLM\Software\MyWay\myBar\partner#PM-Points
    HKLM\Software\MyWay\myBar\partner#PM-Redeem
    HKLM\Software\MyWay\myBar\partner#PM-Wallet
    HKLM\Software\MyWay\myBar\partner#PM-Settings
    HKCR\Interface\{0494D0D6-F8E0-41AD-92A3-14154ECE70AC}
    HKCR\Interface\{0494D0D6-F8E0-41AD-92A3-14154ECE70AC}\ProxyStubClsid
    HKCR\Interface\{0494D0D6-F8E0-41AD-92A3-14154ECE70AC}\ProxyStubClsid32
    HKCR\Interface\{0494D0D6-F8E0-41AD-92A3-14154ECE70AC}\TypeLib
    HKCR\Interface\{0494D0D6-F8E0-41AD-92A3-14154ECE70AC}\TypeLib#Version
    HKCR\Interface\{0494D0D4-F8E0-41AD-92A3-14154ECE70AC}
    HKCR\Interface\{0494D0D4-F8E0-41AD-92A3-14154ECE70AC}\ProxyStubClsid
    HKCR\Interface\{0494D0D4-F8E0-41AD-92A3-14154ECE70AC}\ProxyStubClsid32
    HKCR\Interface\{0494D0D4-F8E0-41AD-92A3-14154ECE70AC}\TypeLib
    HKCR\Interface\{0494D0D4-F8E0-41AD-92A3-14154ECE70AC}\TypeLib#Version
    HKCR\Interface\{0494D0DA-F8E0-41AD-92A3-14154ECE70AC}
    HKCR\Interface\{0494D0DA-F8E0-41AD-92A3-14154ECE70AC}\ProxyStubClsid
    HKCR\Interface\{0494D0DA-F8E0-41AD-92A3-14154ECE70AC}\ProxyStubClsid32
    HKCR\Interface\{0494D0DA-F8E0-41AD-92A3-14154ECE70AC}\TypeLib
    HKCR\Interface\{0494D0DA-F8E0-41AD-92A3-14154ECE70AC}\TypeLib#Version
    HKCR\Interface\{0494D0DC-F8E0-41AD-92A3-14154ECE70AC}
    HKCR\Interface\{0494D0DC-F8E0-41AD-92A3-14154ECE70AC}\ProxyStubClsid
    HKCR\Interface\{0494D0DC-F8E0-41AD-92A3-14154ECE70AC}\ProxyStubClsid32
    HKCR\Interface\{0494D0DC-F8E0-41AD-92A3-14154ECE70AC}\TypeLib
    HKCR\Interface\{0494D0DC-F8E0-41AD-92A3-14154ECE70AC}\TypeLib#Version

    Trojan.NewDotNet
    C:\WINDOWS\NEWDOTNET3_36.DLL
    C:\WINDOWS\NDNUNINSTALL4_50.EXE
    C:\WINDOWS\NDNUNINSTALL4_88.EXE
    C:\WINDOWS\NDNUNINSTALL4_94.EXE

    Trojan.Gen
    C:\WINDOWS\UNIFISH3.EXE

    Adware.Lop
    C:\PROGRAM FILES\C2MEDIA\SETUP.EXE

  2. #12
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi -mandy-83

    Please post a fresh hjt log

    How is the computer running now?

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  3. #13
    Junior Member
    Join Date
    Nov 2008
    Posts
    9

    Default

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:09:37 PM, on 11/28/08
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\PROGRAM FILES\COMMON FILES\NOKIA\NCLTOOLS\NCLTRAY.EXE
    C:\WINDOWS\MOTOROLA\SMSERIAL\SM56HLPR.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
    C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
    C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 98\DMHKEY.EXE
    C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
    C:\PROGRAM FILES\COMMON FILES\NOKIA\SERVICES\SERVICELAYER.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\OPERA\OPERA.EXE
    C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.linksummary.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.linksummary.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing)
    O2 - BHO: ynjpmnlqosbvxeoulunj - {7e9c4540-d984-11d7-95ac-444553540000} - C:\WINDOWS\APPLICATION DATA\ISHSBLBOUEE.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: rsswblstntr - {7e9c4541-d984-11d7-95ac-444553540000} - C:\WINDOWS\APPLICATION DATA\ISHSBLBOUEE.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.2607.0\MSGR.EN-US.EN-AU\MSNTB.DLL
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H
    O4 - HKLM\..\Run: [SQUpdatesChecker] C:\Program Files\Sqwire\uc.exe
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [SQConfigChecker] C:\Program Files\Sqwire\cc.exe
    O4 - HKLM\..\Run: [eaboush] C:\WINDOWS\APPLIC~1\strprlyn.exe -QuieT
    O4 - HKLM\..\Run: [win32info] c:\windows\system\win32info.exe /noconnect
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Norton Antivirus AV] C:\WINDOWS\FVProtect.exe
    O4 - HKLM\..\Run: [DataLayer] c:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
    O4 - HKLM\..\Run: [Nokia Tray Application] c:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
    O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [SUPERAntiSpyware] C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE (User 'Default user')
    O4 - .DEFAULT Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 98\DMHKEY.EXE (User 'Default user')
    O4 - .DEFAULT Startup: Microsoft Office Fast Start.lnk = C:\WINDOWS\MM2ENT.EXE (User 'Default user')
    O4 - .DEFAULT Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe (User 'Default user')
    O4 - .DEFAULT Startup: PowerReg Scheduler.exe (User 'Default user')
    O4 - Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 98\DMHKEY.EXE
    O4 - Startup: Microsoft Office Fast Start.lnk = C:\WINDOWS\MM2ENT.EXE
    O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
    O4 - Startup: PowerReg Scheduler.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .au/search?q=birds+licenses++&ie=ISO-8859-1&hl=en&btnI=I'm+Feeling+Lucky&meta=cr=countryAU: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .tga: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin5.dll
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...tup1.0.0.5.exe
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\PROGRAM FILES\SUPERANTISPYWARE\SASWINLO.DLL
    O24 - Desktop Component 0: (no name) - file:///C:/My%20Documents/My%20Received%20Files/spidy.gif

    --
    End of file - 9308 bytes


    thanks the computer is running fine now

  4. #14
    Junior Member
    Join Date
    Nov 2008
    Posts
    9

    Default

    when windows starts up it starts searching for a missing shortcut for datemanager

  5. #15
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi -mandy-83

    Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible.
    Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.


    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing)
    O2 - BHO: ynjpmnlqosbvxeoulunj - {7e9c4540-d984-11d7-95ac-444553540000} - C:\WINDOWS\APPLICATION DATA\ISHSBLBOUEE.DLL
    O3 - Toolbar: rsswblstntr - {7e9c4541-d984-11d7-95ac-444553540000} - C:\WINDOWS\APPLICATION DATA\ISHSBLBOUEE.DLL
    O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H
    O4 - HKLM\..\Run: [SQUpdatesChecker] C:\Program Files\Sqwire\uc.ex
    O4 - HKLM\..\Run: [SQConfigChecker] C:\Program Files\Sqwire\cc.exe
    O4 - HKLM\..\Run: [eaboush] C:\WINDOWS\APPLIC~1\strprlyn.exe -QuieT
    O4 - HKLM\..\Run: [win32info] c:\windows\system\win32info.exe /noconnect
    O4 - HKLM\..\Run: [Norton Antivirus AV] C:\WINDOWS\FVProtect.exe
    O4 - .DEFAULT Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe (User 'Default user')
    O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe


    Now close all windows other than HiJackThis, then click Fix Checked

    Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked.

    Reboot into safe mode.

    As soon as your screen goes black after restarting, hold down the F8 key. After a bit, the computer will probably start to beep. At that point, release the F8 key. Eventually, you'll see a menu of choices. Pick Safe Mode.

    If that doesn't work, restart and try holding down the Ctrl key when your computer starts. You may see keyboard error messages; ignore them. Hold the Ctrl key down until you see a startup menu.

    Please remove these entries from Add/Remove Programs in the Control Panel(if present):

    DownloadWare
    Sqwire
    Date Manager


    Please delete these folders using Windows Explorer(if present):

    C:\Program Files\DownloadWare
    C:\Program Files\Sqwire
    C:\Program Files\Date Manager

    Please delete these files using Windows Explorer(if present):

    C:\WINDOWS\APPLICATION DATA\ISHSBLBOUEE.DLL
    C:\windows\system\win32info.exe
    C:\WINDOWS\APPLICATION DATA\strprlyn.exe
    C:\WINDOWS\FVProtect.exe

    After that, Reboot.

    With that done, please post back with a fresh HiJackThis log. Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  6. #16
    Junior Member
    Join Date
    Nov 2008
    Posts
    9

    Default


    The computer is still running fine and no longer starts searching for the missing shortcut for date manager. I had no problems at all with your instructions, I am also very grateful for all your time and help. Thank you.Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:31:46 PM, on 11/30/08
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\PROGRAM FILES\COMMON FILES\NOKIA\NCLTOOLS\NCLTRAY.EXE
    C:\WINDOWS\MOTOROLA\SMSERIAL\SM56HLPR.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
    C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
    C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 98\DMHKEY.EXE
    C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
    C:\PROGRAM FILES\COMMON FILES\NOKIA\SERVICES\SERVICELAYER.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.linksummary.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.linksummary.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
    R3 - Default URLSearchHook is missing
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.2607.0\MSGR.EN-US.EN-AU\MSNTB.DLL
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [DataLayer] c:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
    O4 - HKLM\..\Run: [Nokia Tray Application] c:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [Norton Antivirus AV] C:\WINDOWS\FVProtect.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
    O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [SUPERAntiSpyware] C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE (User 'Default user')
    O4 - .DEFAULT Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 98\DMHKEY.EXE (User 'Default user')
    O4 - .DEFAULT Startup: Microsoft Office Fast Start.lnk = C:\WINDOWS\MM2ENT.EXE (User 'Default user')
    O4 - .DEFAULT Startup: PowerReg Scheduler.exe (User 'Default user')
    O4 - Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 98\DMHKEY.EXE
    O4 - Startup: Microsoft Office Fast Start.lnk = C:\WINDOWS\MM2ENT.EXE
    O4 - Startup: PowerReg Scheduler.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .au/search?q=birds+licenses++&ie=ISO-8859-1&hl=en&btnI=I'm+Feeling+Lucky&meta=cr=countryAU: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .tga: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin5.dll
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...tup1.0.0.5.exe
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\PROGRAM FILES\SUPERANTISPYWARE\SASWINLO.DLL
    O24 - Desktop Component 0: (no name) - file:///C:/My%20Documents/My%20Received%20Files/spidy.gif

    --
    End of file - 7981 bytes

  7. #17
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi -mandy-83

    you're running Windows 98 and that platform is no longer supported by MS , and will not be updated.
    I strongly suggest you upgrade to Win XP

    Read here for more info

    End of support for Windows 98, Windows Me

    How to prevent Malware

    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below


    O4 - HKLM\..\Run: [Norton Antivirus AV] C:\WINDOWS\FVProtect.exe
    O4 - Startup: PowerReg Scheduler.exe


    Now close all windows other than HiJackThis, then click Fix Checked

    please post back with a fresh HiJackThis log

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  8. #18
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    This topic has been archived due to inactivity.

    As it has been five days or more since your last post, and your helper posted a response to which you did not reply, this topic has been archived and will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread.

    Applies only to the original poster, anyone else with similar problems please start a new topic.

    Thank you peku006.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •