Unidentified Flying, erm, Adware

Status
Not open for further replies.

MYOB

My sister's box here has some form of adware - throws mostly dating related ads into a new tab in Firefox - on her system, which she got a few days ago. Now, Windows is not my thing, but AVG (up to date), Spybot (up to date), MS Anti Spyware (up to date) and Ad-Aware (up to date) fail to find it so I'm guessing it's fairly unknown

However, HijackThis finds a "Browser Helper Object" using C:\Windows\System32\rqrrp.dll. This is unremovable, and said file is unremovable even in safe mode

My log is attached, however I'm not sure if it's going to be much help. Just wondering does anyone have any idea what the hell it is? Machine can wait the one or two days until Grisoft or one of the spyware companies find out what it is, if need be...
 
Ok, normally there is an application associated with the toolbar or adbox. Go to Start, Run, then type MSCONFIG and check the startup entries in there and remove anything suspicious. Let me know how you get on... :)
 
First Read: Only use these HJT-instructions when asked!
/R/ unRegister the xxx.DLL in that line
Transfer the text from between these dotted lines underneath to between the dotted lines of the above post.
Make sure to follow ALL instructions in SEQUENCE, and in HiJackThis tick/fix ALL lines indicated here!
...................................................................................................
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.oceanfree.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.oceanfree.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.oceanfree.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.oceanfree.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iolfree.ie:8080
/R/ O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\rqrrp.dll
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.euro.dell.com/countries/ie/enu/gen/default.htm (file missing) (HKCU)
O20 - Winlogon Notify: rqrrp - C:\WINDOWS\SYSTEM32\rqrrp.dll
/R/ O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\jtpo0773e.dll
O20 - Winlogon Notify: windbw32 - windbw32.dll (file missing)
...................................................................................................

Can't let a fellow Irishman (or his sister) suffer!

Nobody else should get their hopes up!
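
Added example, not part of any post in this thread: a small Python triage script that reads HijackThis O2 (BHO) and O20 (Winlogon Notify) lines and groups them by DLL, so a file registered at both load points stands out. The sample lines are copied from the log quoted above; the function names and the wording of the notes are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied from the log quoted in the thread (the /R/ markers are the helper's).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.oceanfree.net
/R/ O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\rqrrp.dll
O20 - Winlogon Notify: rqrrp - C:\WINDOWS\SYSTEM32\rqrrp.dll
/R/ O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\jtpo0773e.dll
O20 - Winlogon Notify: windbw32 - windbw32.dll (file missing)
"""

# HijackThis section codes: O2 = Browser Helper Object, O20 = Winlogon Notify.
ENTRY = re.compile(
    r"^(?:/R/\s*)?(?P<code>O2|O20) - (?:BHO|Winlogon Notify): (?P<name>.*?) - "
    r"(?:\{[0-9A-Fa-f-]+\} - )?(?P<path>.+?)(?P<missing>\s+\(file missing\))?\s*$"
)

def parse_entries(log_text):
    """Return one dict per O2/O20 line; every other section is skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            dll = m.group("path").replace("\\", "/").rsplit("/", 1)[-1].lower()
            entries.append({"code": m.group("code"), "name": m.group("name"),
                            "dll": dll, "missing": bool(m.group("missing"))})
    return entries

def triage(log_text):
    """Group load points by DLL name and attach notes for the analyst."""
    codes, missing = defaultdict(set), set()
    for e in parse_entries(log_text):
        codes[e["dll"]].add(e["code"])
        if e["missing"]:
            missing.add(e["dll"])
    findings = {}
    for dll, seen in codes.items():
        notes = []
        if seen == {"O2", "O20"}:
            notes.append("registered as both BHO and Winlogon Notify")
        if dll in missing:
            notes.append("orphaned entry, file missing")
        findings[dll] = {"codes": sorted(seen), "notes": notes}
    return findings

if __name__ == "__main__":
    for dll, info in triage(SAMPLE_LOG).items():
        print(dll, info["codes"], "; ".join(info["notes"]) or "-")
```

A Winlogon Notify DLL is loaded by winlogon.exe rather than by the browser, so a file that appears under both O2 and O20 stays in use even when no browser window is open.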
 
I'm heading over to her house again tomorrow equipped with SP2, etc - she's on dialup still... and I'll try that. Relatively big signature update for Spybot overnight too, so that might help, maybe..
 