Jump to content


Photo

Evil little green underlined words and pop-ups!


  • This topic is locked This topic is locked
5 replies to this topic

#1 princesssockhead

princesssockhead

    Member

  • New Member
  • Pip
  • 2 posts

Posted 24 May 2004 - 05:06 PM

It seems like I can't open one regular browser window w/o it opening 1 pop-up ad and sometimes many more. Also, general words like "car, job, travel, etc" are coming up underlined in green and when clicked on go to some search site!

I have windows ME which I know sucks but I've really had enough with these problems.

I ran CWshredder and it found several things which I repaired but even after that - I am still having pop-ups even with a pop-up blocker! I use spybot search & destroy, and Ad-Aware everyday - both finding problems each time I run them. But even after "fixing" the problems - they are still happening!!!

I dl'ed hijack this and ran it and I'm sending you a log of my results w/o touching anything, if you could review it and let me know what to fix that would be terrific....I'm just glad that I found *some* information about this.

It is driving me nuts!

Hijack this log:

Logfile of HijackThis v1.97.7
Scan saved at 4:46:40 PM, on 5/24/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ESOFT\EBOARD\EBOARD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\DHBRWSR.EXE
C:\PROGRAM FILES\NIKON\NKVIEW6\NKVMON.EXE
C:\PROGRAM FILES\CACHEMAN\CACHEMAN.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DHSVR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\DESKTOP\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.e4me.com/start.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://198.214.144.1
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\PROGRAM FILES\TV MEDIA\TvmBho.dll
N1 - Netscape 4: user_pref("browser.startup.homepage", "www.google.com"); (C:\Program Files\Netscape\Users\default\prefs.js)
O2 - BHO: (no name) - {2DDF68DE-4D70-221D-D114-785EBD45DD9A} - C:\windows\system\uuxmiocq.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\DEALHLPR.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} - C:\PROGRAM FILES\ZSEARCH\zSearch.dll
O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINDOWS\SYSTEM\MSKPKC.DLL
O2 - BHO: (no name) - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - C:\WINDOWS\SYSTEM\MSIBKD.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\DEALHLPR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [eMachine eBoard] C:\PROGRA~1\ESOFT\EBOARD\eBoard.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\SCANSOFT\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [WebScan] C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\DEFSCANGUI.EXE -k
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [tstnopcs] C:\WINDOWS\ngdsbdxb.exe
O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\AV.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [zzb] c:\Windows\System\zzb.exe
O4 - HKLM\..\Run: [svivifkf] C:\WINDOWS\svivifkf.exe
O4 - HKLM\..\Run: [DealHelperUpdate] C:\WINDOWS\DHUpdt.exe
O4 - HKLM\..\Run: [DealHelperBrwsr] C:\WINDOWS\dhbrwsr.exe
O4 - HKLM\..\Run: [zSearch] C:\PROGRAM FILES\ZSEARCH\ZSTB.EXE
O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\SCANSOFT\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [Apache] "C:\APPSERV\APACHE\APACHE.EXE" -k start -n Apache
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Cacheman] C:\PROGRA~1\CACHEMAN\Cacheman.exe
O4 - HKCU\..\Run: [WindowBlinds] C:\Program Files\Object Desktop\WindowBlinds\wbload.exe auto
O4 - HKCU\..\Run: [zzb] c:\Windows\System\zzb.exe
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msgked.exe
O4 - HKCU\..\Run: [zSearch] C:\PROGRAM FILES\ZSEARCH\ZSTB.EXE
O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKCU\..\RunServices: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\RunServices: [Cacheman] C:\PROGRA~1\CACHEMAN\Cacheman.exe
O4 - HKCU\..\RunServices: [WindowBlinds] C:\Program Files\Object Desktop\WindowBlinds\wbload.exe auto
O4 - HKCU\..\RunServices: [zzb] c:\Windows\System\zzb.exe
O4 - HKCU\..\RunServices: [msmc] C:\WINDOWS\SYSTEM\msgked.exe
O4 - HKCU\..\RunServices: [zSearch] C:\PROGRAM FILES\ZSEARCH\ZSTB.EXE
O4 - HKCU\..\RunServices: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Cacheman.lnk = C:\Program Files\Cacheman\Cacheman.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - User Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - User Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - User Startup: Cacheman.lnk = C:\Program Files\Cacheman\Cacheman.exe
O4 - User Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmtrans.html
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com/start.html
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwir...5.26/Hiwire.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...talls/yinst.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7629.9481944444
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://digitalflip.b...ite/fvliteY.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft...nloads/outc.cab
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://forumchat.com...ets/RTCChat.cab
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.micr...N-US/msorun.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.14...geWell-ipix.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.1...everContent.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://66.48.68.135/save/makeover.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.originali...mbers/arrtv.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab

Edited by princesssockhead, 24 May 2004 - 05:07 PM.


#2 princesssockhead

princesssockhead

    Member

  • New Member
  • Pip
  • 2 posts

Posted 24 May 2004 - 11:26 PM

Help! This problem is persisting even after trying some of the things I've found listed in the faq and other posts in this forum.

#3 RU42

RU42

    Member

  • New Member
  • Pip
  • 1 posts

Posted 24 May 2004 - 11:35 PM

I am not an expert, but if what you are describing is what I am thinking about it is a program that is being run by that site to get extra revenue. It freaked me out the first time I saw it, but it only happened to one site. Then when I explored I found out that site installed that program on purpose to help pay the bills.

RU

#4 Penmonicus

Penmonicus

    Member

  • New Member
  • Pip
  • 3 posts

Posted 25 May 2004 - 12:32 AM

Yeah, I've experienced the underlining of stuff on www.IGN.com under "Nintendo" and such, however it DOES seem only to be on that site.

#5 Kevin_b_er

Kevin_b_er

    Gliding through the clutter

  • Retired Staff - Helper
  • Pip
  • 36 posts

Posted 25 May 2004 - 02:54 AM

Do you ever update Spybot Search and Destroy or ad-aware, they're like antivirus, useless against latestest baddies unless regularly upgraded...




Go into Control Panel > Add/Remove Programs. Find and uninstall any of these:
WinTools
WinToolsA
mscman


Did you follow my instructions above? don't ignore them ;)

Checkmark these in hijackthis and click [Fix]:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\PROGRAM FILES\TV MEDIA\TvmBho.dll
O2 - BHO: (no name) - {2DDF68DE-4D70-221D-D114-785EBD45DD9A} - C:\windows\system\uuxmiocq.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\DEALHLPR.DLL
O2 - BHO: (no name) - {5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} - C:\PROGRAM FILES\ZSEARCH\zSearch.dll
O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINDOWS\SYSTEM\MSKPKC.DLL
O2 - BHO: (no name) - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - C:\WINDOWS\SYSTEM\MSIBKD.DLL
O3 - Toolbar: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\DEALHLPR.DLL
O4 - HKLM\..\Run: [WebScan] C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\DEFSCANGUI.EXE -k
O4 - HKLM\..\Run: [tstnopcs] C:\WINDOWS\ngdsbdxb.exe
O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\AV.EXE
O4 - HKLM\..\Run: [zzb] c:\Windows\System\zzb.exe
O4 - HKLM\..\Run: [svivifkf] C:\WINDOWS\svivifkf.exe
O4 - HKLM\..\Run: [DealHelperUpdate] C:\WINDOWS\DHUpdt.exe
O4 - HKLM\..\Run: [DealHelperBrwsr] C:\WINDOWS\dhbrwsr.exe
O4 - HKLM\..\Run: [zSearch] C:\PROGRAM FILES\ZSEARCH\ZSTB.EXE
O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msgked.exe
O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKCU\..\RunServices: [zzb] c:\Windows\System\zzb.exe
O4 - HKCU\..\RunServices: [msmc] C:\WINDOWS\SYSTEM\msgked.exe
O4 - HKCU\..\RunServices: [zSearch] C:\PROGRAM FILES\ZSEARCH\ZSTB.EXE
O4 - HKCU\..\RunServices: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwir...5.26/Hiwire.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.originali...mbers/arrtv.cab

No, the one labeled "Antivirus" is not really an antirvirus program, its a virus in itself.

I can't totally tell what these are, so unless you know, check them. These type of entries will try to reinstall when you revisit their respective websites that installed them in the first place, so there's not much harm done in checking them:
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.199/central/02030106/cc...everContent.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://66.48.68.135/save/makeover.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1435/ftp...23/cpbrkpie.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://digitalflip.biz/fvlite/fvliteY.cab

Do you know what this IP is? 198.214.144.1
Its listed as being a proxy server, and its registered to the university of texas at austin.



Next reboot into safe mode quickly.
Delete these files any way you can. Print, write, memorize these files to delete, but please don't go without getting them all... Delete only files/folders in the folder/directories I specify, some may mimic real windows files, but be in the wrong place!
C:\WINDOWS\2_0_1browserhelper2.dll
C:\PROGRAM FILES\TV MEDIA\ <-- FOLDER
C:\PROGRAM FILES\ZSEARCH\ <-- FOLDER
C:\Program Files\Common files\WinTools\ <--- FOLDER (if it exists anymore)
C:\windows\system\uuxmiocq.dll
C:\WINDOWS\SYSTEM\MSKPKC.DLL
C:\WINDOWS\SYSTEM\MSIBKD.DLL
C:\WINDOWS\AV.EXE
C:\WINDOWS\DEALHLPR.DLL
c:\Windows\System\zzb.exe
C:\WINDOWS\SYSTEM\msgked.exe
C:\WINDOWS\dhbrwsr.exe
C:\WINDOWS\DHUpdt.exe
C:\WINDOWS\svivifkf.exe
C:\WINDOWS\ngdsbdxb.exe
C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\ <-- FOLDER

If you can't delete a folder somehow, try at least to delete all the files inside of it, and let me know which files were undeletable...

Then, restart back to normal mode, and make a new hijackthis log. We probably aren't done.


If you have AIM, MSN Messenger, Y! IM, Outlook accounts, ICQ, SoundBlaster Registration, ZA Pro registration, and/or you've set your real phone into the windows dialing system for the 'Home' location, consider it comprimised and stolen and change it NOW on a different computer or on your current one after we've cleaned you up.

Edited by Kevin_b_er, 25 May 2004 - 02:58 AM.


#6 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • PipPipPipPipPip
  • 5,365 posts

Posted 12 October 2004 - 06:01 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
an email with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Mike
Former Microsoft MVP Posted Image 1999-2012
"There's no place like 127.0.0.1"
Posted Image
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button