Unidentified Flying, erm, Adware

By MYOB
Feb 16, 2006
Topic Status:
Not open for further replies.
  1. My sisters box here has some form of adware - throws mostly dating related ads into a new tab in Firefox - on her system, which she got a few days ago. Now, Windows is not my thing, but AVG (up to date), Spybot (up to date), MS Anti Spyware (up to date) and Ad-Aware (up to date) fail to find it so I'm guessing its fairly un-known

    However, HijackThis finds a "Browser Helper Object" using C:\Windows\System32\rqrrp.dll. This is unremovable, and said file is unremovable even in safe mode

    My log is attached, however I'm not sure if its going to be much help. Just wondering does anyone have any idea what the hell it is? Machine can wait the one or two days until Grisoft or one of the spyware companies find out what it is, if need be...
  2. Nukey

    Nukey Newcomer, in training Posts: 114

    Ok, normally there is an application associated with the toolar or adbox. Go to start Run then type MSCONFIG and check the startup entries in there and remove anything suspicious. Let me know how you get on... :)
  3. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    First Read: Only use these HJT-instructions when asked!
    /R/ unRegister the xxx.DLL in that line
    Transfer the text from between these dotted lines underneath to between the dotted lines of the above post.
    Make sure to follow ALL instructions in SEQUENCE, and in HiJackThis tick/fix ALL lines indicated here!
    ...................................................................................................
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.oceanfree.net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.oceanfree.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.oceanfree.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.oceanfree.net
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iolfree.ie:8080
    /R/ O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\rqrrp.dll
    O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.euro.dell.com/countries/ie/enu/gen/default.htm (file missing) (HKCU)
    O20 - Winlogon Notify: rqrrp - C:\WINDOWS\SYSTEM32\rqrrp.dll
    /R/ O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\jtpo0773e.dll
    O20 - Winlogon Notify: windbw32 - windbw32.dll (file missing)
    ...................................................................................................

    Can't let a fellow Irishman (or his sister) suffer!

    Nobody else should get their hopes up!
  4. MYOB

    MYOB Newcomer, in training Topic Starter Posts: 527

    I'm heading over to her house again tomorrow equipped with SP2, etc - she's on dialup still... and I'll try that. Relatively big signature update for Spybot over night too, so that might help, maybe..
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.