
passthrough popupbaropener

Discussion in 'Earlier Versions of Windows' started by tndude, Jul 5, 2003.

Thread Status:
Not open for further replies.
  1. tndude

    tndude Thread Starter

    Joined:
    Jul 5, 2003
    Messages:
    112
    I have been reading the forum comments on how to get rid of the popupbaropener. I have tried to download HiJack This but get this message. "Couldn't find Expedia Streets & Trips 2000 on this machine." HELP!!!!!
     
  2. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    First, you need to download the file to disk, and not choose "open".

    Next, you need to decompress it with a utility like WinZip.

    Many downloads come in the shape of a compressed file, so it's an indispensable tool, really.
    It has an evaluation version which you can use for a month or so.

    Here's a tutorial

    It's extremely easy to do.

    BTW, QuickZip is an excellent alternative to WinZip that's freeware: http://www.quickzip.org/

    After unzipping the file to a folder of your choice, you'll end up with the file itself, which is Hijackthis.exe, and that's the one you'll need to double-click.
    It will create a log automatically.
     
  3. tndude

    tndude Thread Starter

    Joined:
    Jul 5, 2003
    Messages:
    112
    Thanks Tony. I will give this a try and get back here later.
     
  4. DudeXP

    DudeXP

    Joined:
    Jul 5, 2003
    Messages:
    70
    ...yeah that should work
     
  5. tndude

    tndude Thread Starter

    Joined:
    Jul 5, 2003
    Messages:
    112
    When I try to download Quick Zip I get a "This page cannot be found" message
     
  6. xfilesgurly

    xfilesgurly

    Joined:
    Nov 3, 2001
    Messages:
    146
  7. tndude

    tndude Thread Starter

    Joined:
    Jul 5, 2003
    Messages:
    112
    Thanks xfilesgurly. I downloaded an evaluation copy of Winzip. Just need to learn how to use it. I am pretty computer illiterate. It sure is neat learning from Y'all. That is singular. I should say ALL Y'all for plural. Hee Hee
     
  8. tndude

    tndude Thread Starter

    Joined:
    Jul 5, 2003
    Messages:
    112
    I have unzipped the HiJack This file and saved the scan log to My Documents. How do I get the contents on this forum? I cannot even open what I saved to My Documents. It just flashes and doesn't stay.
     
  9. john1

    john1

    Joined:
    Nov 25, 2000
    Messages:
    8,994
    I thought it was "you'se-all"
     
  10. tndude

    tndude Thread Starter

    Joined:
    Jul 5, 2003
    Messages:
    112
    Yankees say you'se guys
     
  11. tndude

    tndude Thread Starter

    Joined:
    Jul 5, 2003
    Messages:
    112
    The Hijack This file that I saved to My Documents does not say Hijackthis.exe. It just gives the blue explorer icon and says hijackthis. I get a copy of the register when I scan if I can only get it to the forum where you guys that are knowledgeable can tell me what items to click. There are about 4 items with wabu in them.
     
  12. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    It doesn't say Hijack This.exe, because in Folder Options > View, you have the option "Hide extensions for known file types" checked.

    Go there, and UNcheck that box. It's always important to know what kind of file you're dealing with.

    As for posting your log, if you double-click the log file, does it open in Notepad?

    If so, go to Edit > Select all, then to Edit > copy.
    Now you've copied the entire text to the Windows Clipboard (this happens behind your back.)

    Next, go back to this forum thread, and click "Post Reply".
    In an empty area click your RIGHT mouse button, and choose 'Paste' from the context menu.

    And voila, there's your Hijack This log.

    NOTE: Should the log not open in Notepad by default, do this:

    · Highlight the logfile by clicking on it once
    · Hold down the shift key and then right-click your mouse
    · Select "Open With" from the menu
    · Pick Notepad.exe.

    Be sure to check the box, "Always use this program to open these files".

    · Click "OK" and you are all done!
     
  13. tndude

    tndude Thread Starter

    Joined:
    Jul 5, 2003
    Messages:
    112
    Thanks Tony. I will try this this afternoon. Will let you know.
     
  14. tndude

    tndude Thread Starter

    Joined:
    Jul 5, 2003
    Messages:
    112
    Think this is it Tony. Hope someone out there can help me get rid of all extraneous junk on here. Thanks


    Logfile of HijackThis v1.95.0
    Scan saved at 8:51:46 AM, on 7/6/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\OPLIMIT\OCRAWARE.EXE
    C:\OPLIMIT\OCRAWR32.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\DOWNLOADWARE\DW.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\TVMD.EXE
    C:\PROGRAM FILES\INET DELIVERY\INTDEL_2.EXE
    C:\PROGRAM FILES\NCASE\MSBB.EXE
    C:\PROGRAM FILES\INKLINE GLOBAL\PC BOOSTER\PCBOOSTER.EXE
    C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\MONEY EXPRESS.EXE
    C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\VSTASCAN\VSACCESS.EXE
    C:\PALTALK\PNETAWARE.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\NETWORK ESSENTIALS\V11\NE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\RB32\RB32.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\MY DOCUMENTS\HIJACKTHIS.EXE
    C:\WINDOWS\SYSTEM\HPZSTATX.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\MY DOCUMENTS\HIJACKTHIS.EXE
    C:\MY DOCUMENTS\HIJACKTHIS.EXE
    C:\MY DOCUMENTS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.jethomepage.com/ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL=http://www.masterbar.com/toolbar/sidebar.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://V17103.wabu.com/searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://Q10359.wabu.com/searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.jethomepage.com/ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://n10759.wabu.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://t24154.wabu.com/searchbar.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://k26366.wabu.com/searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by Dell
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=c:\windows\SYSTEM\blank.htm
    F1 - win.ini: load=C:\OPLIMIT\ocraware.exe
    F1 - win.ini: run=hpfsched
    O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
    O2 - BHO: SmartPops - {D5C778F1-CF13-4E70-ADF0-45A953E7CB8B} - C:\PROGRAM FILES\NETWORK ESSENTIALS\V11\NE.DLL
    O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL (file missing)
    O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL
    O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
    O2 - BHO: (no name) - {87831d40-8c78-11d7-9e3d-00a0cce5f8db} - C:\WINDOWS\APPLICATION DATA\GLOAAFCQW.DLL
    O2 - BHO: Httper - {A5483501-070C-41DD-AF44-9BD8864B3015} - C:\PROGRAM FILES\HTTPER\HTTPER.DLL
    O3 - Toolbar: bstufthdrsh - {87831d41-8c78-11d7-9e3d-00a0cce5f8db} - C:\WINDOWS\APPLICATION DATA\GLOAAFCQW.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [sp] regedit -s C:\WINDOWS\sp.dll
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [MovieNetworks] "C:\Program Files\MovieNetworks\MovieNetworks.exe" /H
    O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [TVMD] C:\WINDOWS\TVMD.EXE
    O4 - HKLM\..\Run: [Inet Delivery] C:\Program Files\Inet Delivery\INTDEL_2.exe
    O4 - HKLM\..\Run: [tcqoa] C:\WINDOWS\APPLIC~1\thblpdrt.exe -QuieT
    O4 - HKLM\..\Run: [MemoryMeter] C:\PROGRAM FILES\MEMORYMETER\MEMORYMETER.EXE
    O4 - HKLM\..\Run: [rb32 lptt01] "c:\program files\rb32\rb32.exe"
    O4 - HKLM\..\Run: [win32app] c:\windows\System\winpup32.exe
    O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\SYSTEM\stcloader.exe
    O4 - HKLM\..\Run: [msbb] C:\PROGRAM FILES\NCASE\MSBB.EXE
    O4 - HKLM\..\Run: [PGB] C:\WINDOWS\PGB.exe
    O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
    O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRAM FILES\INTERNET WASHER PRO\IW.exe min
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
    O4 - Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\REALDOWNLOAD.EXE
    O4 - Startup: PalNetaware.lnk = C:\Paltalk\pnetaware.exe
    O4 - Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG Spirit\AGremind.exe
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Dell Home (HKCU)
    O9 - Extra button: WeatherBug (HKCU)
    O12 - Plugin for .hpb: C:\PROGRA~1\INTERN~1\PLUGINS\nphpipb.dll
    O15 - Trusted Zone: http://free.aol.com
    O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
    O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.82.221.103/28b3f46634be6e56f906/netzip/RdxIE.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://activex.microsoft.com/activex/controls/macromedia/Swdir.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805...ch.com/audit/includes/ContentAuditControl.cab
    O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://www.paltalk.com/prod/RegDload.CAB
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - http://us3.webex.com/client/latest/webex/ieatgpc.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.30/Hiwire.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/27a5b89b09b2eea0ab01/netzip/RdxIE6.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37588.6020486111
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50015/btiein.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {B843DA96-2B2D-447E-90AB-B92929AA11AF} (HTMLDialer Class) - http://usa-download.nocreditcard.net/download/Object/DialerHTML/EGHTMLDialer.cab
    O16 - DPF: {3717DF57-0396-463D-98B7-647C7DC6898A} - http://delivery.inet-traffic.com/intdel.exe
    O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://www.spywarenuker.com/product/camp/SpywareNuker_com/SpywareNukerInstaller.exe
    O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install.exe
    O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} (nCaseInstaller Class) - http://bis.180solutions.com/activexinstallers/291/nCaseInstaller.cab
    O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3} - http://www.clock-sync.com/ClockSyncAutoSYNC0012.cab
    O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://cdn1.adsdk.com/bannerfarm/42833/VbouncerOuter1123030507.exe
     
  15. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    OK, that's quite a spyware/malware collection, and I've got a long list of things to do.

    First, you have the latest version of RapidBlaster. Read this advisory: http://www.wilderssecurity.net/specialinfo/rapidblaster.html

    Before doing anything else, you NEED to run Javacool's RapidBlaster killer: http://www.wilderssecurity.net/downloads/rbkiller.exe
    It's at present the only application that will effectively remove this pest!

    Launch the program and hit the Scan button.
    RBKiller will find any RapidBlaster variants on your system, kill the process, delete the Registry Run entry, and remove the file itself.

    Next, in Hijack This, check ALL of the following items. Double-check so as to be sure not to miss a single one.
    Next, shut down all browser Windows, and have HT fix all checked.


    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.jethomepage.com/ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL=http://www.masterbar.com/toolbar/sidebar.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://V17103.wabu.com/searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://Q10359.wabu.com/searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.jethomepage.com/ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://n10759.wabu.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://t24154.wabu.com/searchbar.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://k26366.wabu.com/searchbar.html

    O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
    O2 - BHO: SmartPops - {D5C778F1-CF13-4E70-ADF0-45A953E7CB8B} - C:\PROGRAM FILES\NETWORK ESSENTIALS\V11\NE.DLL
    O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL (file missing)
    O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL
    O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
    O2 - BHO: (no name) - {87831d40-8c78-11d7-9e3d-00a0cce5f8db} - C:\WINDOWS\APPLICATION DATA\GLOAAFCQW.DLL
    O2 - BHO: Httper - {A5483501-070C-41DD-AF44-9BD8864B3015} - C:\PROGRAM FILES\HTTPER\HTTPER.DLL
    O3 - Toolbar: bstufthdrsh - {87831d41-8c78-11d7-9e3d-00a0cce5f8db} - C:\WINDOWS\APPLICATION DATA\GLOAAFCQW.DLL

    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [sp] regedit -s C:\WINDOWS\sp.dll
    O4 - HKLM\..\Run: [MovieNetworks] "C:\Program Files\MovieNetworks\MovieNetworks.exe" /H
    O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
    O4 - HKLM\..\Run: [TVMD] C:\WINDOWS\TVMD.EXE
    O4 - HKLM\..\Run: [Inet Delivery] C:\Program Files\Inet Delivery\INTDEL_2.exe
    O4 - HKLM\..\Run: [tcqoa] C:\WINDOWS\APPLIC~1\thblpdrt.exe -QuieT
    O4 - HKLM\..\Run: [MemoryMeter] C:\PROGRAM FILES\MEMORYMETER\MEMORYMETER.EXE
    O4 - HKLM\..\Run: [rb32 lptt01] "c:\program files\rb32\rb32.exe"
    O4 - HKLM\..\Run: [win32app] c:\windows\System\winpup32.exe
    O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\SYSTEM\stcloader.exe
    O4 - HKLM\..\Run: [msbb] C:\PROGRAM FILES\NCASE\MSBB.EXE
    O4 - HKLM\..\Run: [PGB] C:\WINDOWS\PGB.exe
    O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRAM FILES\INTERNET WASHER PRO\IW.exe min

    O15 - Trusted Zone: http://free.aol.com

    O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
    O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.82.221.103/28b3f46634be6...etzip/RdxIE.cab
    O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/mini...uginstaller.cab
    O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) -
    O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/i...5.30/Hiwire.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/27a5b89b09b2ee...tzip/RdxIE6.cab
    O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50015/btiein.cab
    O16 - DPF: {B843DA96-2B2D-447E-90AB-B92929AA11AF} (HTMLDialer Class) - http://usa-download.nocreditcard.ne...GHTMLDialer.cab
    O16 - DPF: {3717DF57-0396-463D-98B7-647C7DC6898A} - http://delivery.inet-traffic.com/intdel.exe
    O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://www.spywarenuker.com/product...erInstaller.exe
    O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install.exe
    O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} (nCaseInstaller Class) - http://bis.180solutions.com/activex...seInstaller.cab
    O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3} - http://www.clock-sync.com/ClockSyncAutoSYNC0012.cab
    O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} -



    Now restart your computer, and delete:

    The C:\PROGRAM FILES\HTTPER folder
    The C:\WINDOWS\sp.dll file
    The C:\Program Files\MovieNetworks folder
    The C:\Program Files\DownloadWare folder
    The C:\WINDOWS\TVMD.EXE file
    The C:\Program Files\Inet Delivery folder
    The C:\WINDOWS\Application data\thblpdrt.exe file
    The C:\PROGRAM FILES\MEMORYMETER folder
    The c:\windows\System\winpup32.exe file
    The C:\WINDOWS\SYSTEM\stcloader.exe file
    The C:\PROGRAM FILES\NCASE folder
    The C:\WINDOWS\PGB.exe file
    The C:\PROGRAM FILES\INTERNET WASHER PRO folder

    Finally, download Spybot - Search & Destroy

    After installing, first press Online, and search for, put a check mark at, and install all updates.

    Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove/fix all it finds.

    Cheers,
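
An added example, not part of the thread and not TonyKlein's method: a parser for the HijackThis entry lines shown above, with a few illustrative triage rules that give reasons to look closer rather than verdicts. The function names and the rule set are assumptions made for this example; the sample lines are copied from the log posted in this thread.

```python
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.95.0
C:\WINDOWS\EXPLORER.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://V17103.wabu.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=c:\windows\SYSTEM\blank.htm
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL (file missing)
O4 - HKLM\..\Run: [sp] regedit -s C:\WINDOWS\sp.dll
O4 - HKLM\..\Run: [tcqoa] C:\WINDOWS\APPLIC~1\thblpdrt.exe -QuieT
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/27a5b89b09b2eea0ab01/netzip/RdxIE6.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# URL whose host is a bare IPv4 address instead of a name.
IP_HOST = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?=[/:]|$)", re.I)

def parse(log_text):
    """Return (section, body) for each entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def review_reasons(section, body):
    """Illustrative rules (assumptions of this example), one string per reason."""
    reasons, low = [], body.lower()
    if section in ("R0", "R1"):
        _key, _, value = low.partition("=")
        if value.startswith("http"):
            reasons.append("IE search/start setting points at a remote URL; check the host")
    elif section == "O2":
        if "(no name)" in low:
            reasons.append("BHO registered without a display name")
        if low.endswith("(file missing)"):
            reasons.append("BHO registration left behind, DLL no longer on disk")
    elif section == "O4":
        if re.search(r"regedit(\.exe)?\s+[-/]s\b", low):
            reasons.append("silent registry import at every startup")
        if "applic~1" in low or "application data" in low:
            reasons.append("autostart executable sits in Application Data")
    elif section == "O16":
        url = body.rsplit(" - ", 1)[-1]
        if IP_HOST.match(url):
            reasons.append("ActiveX download source is a bare IP address")
        if url.lower().endswith(".exe"):
            reasons.append("download is an .exe rather than a .cab")
    return reasons

def triage(log_text):
    """Return (section, body, reasons) for entries that match at least one rule."""
    hits = [(s, b, review_reasons(s, b)) for s, b in parse(log_text)]
    return [h for h in hits if h[2]]

if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section:>3}  {body}\n       -> " + "; ".join(reasons))
```

Entries that match no rule are not thereby clean: several items the helper lists for removal are identified by name rather than by any pattern in the line.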
     
Short URL to this thread: https://techguy.org/144639
