Browser Taken Over & More

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Victorina

Thread Starter
Joined
Dec 31, 2003
Messages
14
You guys helped me out with a problem last year and now I have a new one! My online browser seems to have a life of its own. New sites keep popping up whenever I'm online. Also, something seems to continue changing some of my Internet Settings, although I keep changing them back. I am including a copy of my HIJ log. Thanks so much.

Logfile of HijackThis v1.99.1
Scan saved at 2:06:05 PM, on 6/22/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCK.EXE
C:\TEMP\SALM.EXE
C:\WINDOWS\SYSTEM\UD8IKUS1.EXE
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCESS.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webcrawler.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Big Fish Games - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\PROGRAM FILES\STARWARE\BIN\STARWARE.DLL
O2 - BHO: XBTB09874 - {246A2CA8-10D9-4f50-B259-CAFF6619A12E} - C:\PROGRA~1\LOVEFR~1\TOOLBAR\LFG-TO~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Big Fish Games - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\PROGRAM FILES\STARWARE\BIN\STARWARE.DLL
O3 - Toolbar: Love Free Games Toolbar - {8DFD5077-FB25-4397-8D9F-ACFB8CC7E34B} - C:\PROGRAM FILES\LOVEFREEGAMES\TOOLBAR\LFG-TOOLBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [SHPC32] shpc32.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [408809432] C:\PROGRAM FILES\EGAMES\DROP 2\REGISTER\EGAMESREGISTRATION.EXE /r "C:\PROGRAM FILES\EGAMES\DROP 2\REGISTER\EGAMESREGISTRATION.rpd"
O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [ud8ikus1] C:\WINDOWS\SYSTEM\ud8ikus1.exe
O4 - HKLM\..\Run: [berqtez] C:\WINDOWS\berqtez.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_sp1/imloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4430/mcfscan.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c6.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v61/swapit/swapit.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://lovefreegames.aavalue.com/LFG/Toolbar/LFG-toolbar.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v45/wwspades/wwspades.cab
 
Joined
Sep 7, 2004
Messages
49,014
Print this and boot to safe mode (Start tapping F8 at the first black screen after power up)
Fix these with HJT

O2 - BHO: XBTB09874 - {246A2CA8-10D9-4f50-B259-CAFF6619A12E} - C:\PROGRA~1\LOVEFR~1\TOOLBAR\LFG-TO~1.DLL

O3 - Toolbar: Love Free Games Toolbar - {8DFD5077-FB25-4397-8D9F-ACFB8CC7E34B} - C:\PROGRAM FILES\LOVEFREEGAMES\TOOLBAR\LFG-TOOLBAR.DLL

O4 - HKLM\..\Run: [SHPC32] shpc32.exe

O4 - HKLM\..\Run: [408809432] C:\PROGRAM FILES\EGAMES\DROP 2\REGISTER\EGAMESREGISTRATION.EXE /r "C:\PROGRAM FILES\EGAMES\DROP 2\REGISTER\EGAMESREGISTRATION.rpd"

O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe

O4 - HKLM\..\Run: [salm] c:\temp\salm.exe

O4 - HKLM\..\Run: [ud8ikus1] C:\WINDOWS\SYSTEM\ud8ikus1.exe

O4 - HKLM\..\Run: [berqtez] C:\WINDOWS\berqtez.exe

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/M...e/bridge-c6.cab


View Hidden Files
Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files".
Uncheck hide extensions
Now click "Apply to all folders", Click "Apply" then "OK"

Delete these files

c:\temp – all files and folders
C:\WINDOWS\SYSTEM\ud8ikus1.exe
C:\WINDOWS\berqtez.exe

Delete these folders

C:\PROGRAM FILES\MEDIA ACCESS

START – RUN – type in %temp% OK - Edit – Select all – File – Delete
Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp
Empty the recycle bin
Boot

Run ActiveScan online virus scan

http://www.pandasoftware.com/activescan/

When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan


Please give feedback on what worked/didn’t work and the current status of your system
 
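The helper's reply above works the way HijackThis analysts usually do: known-good Windows and vendor autostarts are left alone, entries that run from a temp directory or carry machine-generated names are marked for removal, and the rest are judged by hand. The Python script below is an added example written for this page, not code from the thread, from HijackThis or from the forum; it applies the same triage to O4 (Run/RunServices) and O16 (ActiveX download) lines. The sample log lines are copied from the first log in this thread; the allowlists of known-good executables and download hosts are illustrative assumptions, and the name heuristic is deliberately weak on purpose (berqtez.exe is only sent to "review", which is why a scanner such as ActiveScan is still needed).

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample input: lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [408809432] C:\PROGRAM FILES\EGAMES\DROP 2\REGISTER\EGAMESREGISTRATION.EXE /r "C:\PROGRAM FILES\EGAMES\DROP 2\REGISTER\EGAMESREGISTRATION.rpd"
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [ud8ikus1] C:\WINDOWS\SYSTEM\ud8ikus1.exe
O4 - HKLM\..\Run: [berqtez] C:\WINDOWS\berqtez.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4430/mcfscan.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c6.cab
"""

# Assumed allowlists: Win98 autostart binaries and ActiveX download hosts a triager
# would accept without a second look. Extend these from your own baseline.
KNOWN_GOOD_EXE = {"scanregw.exe", "taskmon.exe", "systray.exe", "rundll32.exe",
                  "navapw32.exe", "qttask.exe", "stimon.exe", "mstask.exe"}
KNOWN_GOOD_HOSTS = {"download.mcafee.com", "www.pandasoftware.com"}
# Directories nothing legitimate should autostart from.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\", "\\recycled\\", "\\temporary internet files\\")

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[^}]+)\}(?: \((?P<desc>[^)]*)\))? - (?P<url>\S+)$")
# First quoted or unquoted token that ends in an executable extension.
PATH_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|vxd|scr|pif|com))"?', re.IGNORECASE)


@dataclass
class Finding:
    line: str
    verdict: str                      # "known", "review" or "suspicious"
    reasons: List[str] = field(default_factory=list)


def looks_random(stem: str) -> bool:
    """All-digit names or letters mixed with digits are typical of dropper-generated names."""
    return stem.isdigit() or (any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem))


def triage_line(line: str) -> Optional[Finding]:
    """Classify one O4 or O16 log line; other line types return None."""
    m = O4_RE.match(line)
    if m:
        name, cmd = m.group("name"), m.group("cmd")
        pm = PATH_RE.match(cmd)
        path = pm.group("path") if pm else cmd.split()[0]
        exe = path.replace("/", "\\").split("\\")[-1].lower()
        known = exe in KNOWN_GOOD_EXE          # allowlist is checked before any name heuristic
        reasons = []
        if any(mk in path.lower() for mk in TEMP_MARKERS):
            reasons.append("autostart from a temp/cache directory")
        if not known and looks_random(exe.rsplit(".", 1)[0]):
            reasons.append("executable name looks machine-generated")
        if name.strip().isdigit():
            reasons.append("numeric Run value name")
        verdict = "suspicious" if reasons else ("known" if known else "review")
        return Finding(line, verdict, reasons)
    m = O16_RE.match(line)
    if m:
        host = (urlparse(m.group("url")).hostname or "").lower()
        if host in KNOWN_GOOD_HOSTS:
            return Finding(line, "known", [])
        reasons = [f"ActiveX download host {host} not on allowlist"]
        if not m.group("desc"):                # unnamed controls get a harder look
            reasons.append("control has no object name")
            return Finding(line, "suspicious", reasons)
        return Finding(line, "review", reasons)
    return None


def triage_log(text: str) -> List[Finding]:
    return [f for f in (triage_line(l.strip()) for l in text.splitlines()) if f]


def summarize(text: str) -> dict:
    """Group the triaged lines by verdict."""
    out = {"known": [], "review": [], "suspicious": []}
    for f in triage_log(text):
        out[f.verdict].append(f.line)
    return out


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.verdict:10s} {f.line[:70]}  {'; '.join(f.reasons)}")
```

Run against the sample, the four entries the helper told the poster to fix (the numeric eGames entry, salm.exe in c:\temp, ud8ikus1.exe, and the unnamed windupdates.com control) come out as "suspicious", the Windows and Norton autostarts as "known", and berqtez.exe lands in "review" for a human or a scanner to decide. The point of the allowlist-first ordering is that a legitimate name such as NAVAPW32.EXE contains digits too and must not be flagged by the name heuristic.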

Victorina

Thread Starter
Joined
Dec 31, 2003
Messages
14
Okay, I have followed all your much-appreciated instructions and am now ready to post a new HIJ log and the results from ActiveScan. Haven't had a chance yet to see if any problems still persist, but I have much faith in your advice from past experience. Now if I have only followed your instructions correctly, as I'm still a computer novice. Take note that I will forthwith be placing a donation (necessarily small from widow on inadequate pension) through PayPal to contribute to the upkeep for this free site.

Logfile of HijackThis v1.99.1
Scan saved at 1:05:57 PM, on 6/25/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webcrawler.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Big Fish Games - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\PROGRAM FILES\STARWARE\BIN\STARWARE.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Big Fish Games - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\PROGRAM FILES\STARWARE\BIN\STARWARE.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_sp1/imloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4430/mcfscan.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v61/swapit/swapit.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://lovefreegames.aavalue.com/LFG/Toolbar/LFG-toolbar.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v45/wwspades/wwspades.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab


Incident Status Location

Adware:Adware/nCase No disinfected Windows Registry
Adware:Adware/WUpd No disinfected C:\WINDOWS\SYSTEM\ide21201.vxd
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM\lidoj0dp.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM\rvgm6ud9.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM\ud8ikus1.exe
Virus:Exploit/iFrame Disinfected C:\WINDOWS\Application Data\IM\Identities\{04E35B81-28DE-11D9-A198-444553540000}\Message Store\Deleted Items.imm[~000186.txt]
Virus:W32/Netsky.P.worm Disinfected C:\WINDOWS\Application Data\IM\Identities\{04E35B81-28DE-11D9-A198-444553540000}\Message Store\Deleted Items.imm[message.scr]
Virus:Exploit/iFrame Disinfected C:\WINDOWS\Application Data\IM\Identities\{04E35B81-28DE-11D9-A198-444553540000}\Message Store\Deleted Items.imm[~000252.txt]
Virus:W32/Netsky.P.worm Disinfected C:\WINDOWS\Application Data\IM\Identities\{04E35B81-28DE-11D9-A198-444553540000}\Message Store\Deleted Items.imm[message.scr]
Virus:Exploit/iFrame Disinfected C:\WINDOWS\Application Data\IM\Identities\{04E35B81-28DE-11D9-A198-444553540000}\Message Store\Deleted Items.imm[~000269.txt]
Virus:W32/Netsky.P.worm Disinfected C:\WINDOWS\Application Data\IM\Identities\{04E35B81-28DE-11D9-A198-444553540000}\Message Store\Deleted Items.imm[message.scr]
Adware:Adware/PopCapLoader No disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.dll
Adware:Adware/PopCapLoader No disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.inf
Virus:W32/Netsky.P.worm Disinfected C:\WINDOWS\zip1.tmp[zip1.zip][document.txt .exe]
Virus:W32/Netsky.P.worm Disinfected C:\WINDOWS\zip2.tmp[zip2.zip][data.rtf .scr]
Virus:W32/Netsky.P.worm Disinfected C:\WINDOWS\zip3.tmp[zip3.zip][details.txt .pif]
Adware:Adware/nCase No disinfected C:\WINDOWS\berqtez.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\1n29bheo.exe
Adware:Adware/HuntBar No disinfected C:\NULL
Adware:Adware/Startware No disinfected C:\Program Files\Starware\bin\Starware.dll
Adware:Adware/WinAD No disinfected C:\Program Files\HijackThis\backups\backup-20050625-060040-497.dll
Adware:Adware/WUpd No disinfected C:\RECYCLED\DC50\MediaAccess.exe
Adware:Adware/nCase No disinfected C:\RECYCLED\DC50\MediaAccK.exe
Adware:Adware/WinAD No disinfected C:\RECYCLED\DC50\MediaAccC.dll
Adware:Adware/HuntBar No disinfected C:\My Download Files\edow.exe
Adware:Adware/HuntBar No disinfected C:\Temp\EDow.exe
Virus:Exploit/iFrame Disinfected D:\Temporary Internet Files\Content.IE5\O1234567\wbk341.TMP
Adware:Adware/Zango No disinfected D:\Temporary Internet Files\Content.IE5\GXI74T2V\ZangoInstaller[1].exe
Virus:Exploit/iFrame Disinfected D:\Temporary Internet Files\Content.IE5\D4KJHLKH\wbk9100.TMP
Virus:Exploit/iFrame Disinfected D:\Temporary Internet Files\Content.IE5\D4KJHLKH\wbkA050.TMP
Virus:Exploit/iFrame Disinfected D:\Temporary Internet Files\Content.IE5\2DNSTC3U\wbk5074.TMP
Adware:Adware/WUpd No disinfected D:\Temporary Internet Files\Content.IE5\SLE7O1QN\popup[1].js
Adware:Adware/WinAD No disinfected D:\Temporary Internet Files\Content.IE5\CD0JCRCJ\MediaAccC[1].dll
Adware:Adware/WUpd No disinfected D:\Temporary Internet Files\Content.IE5\5OWF550D\MediaAccess[1].exe
Adware:Adware/WinAD No disinfected D:\Temporary Internet Files\Content.IE5\BN5NF9KW\bridge-c6[1].cab
Adware:Adware/WinAD No disinfected D:\Temporary Internet Files\Content.IE5\BN5NF9KW\bridge-c6[1].cab[MediaAccX.dll]
Adware:Adware/nCase No disinfected D:\Temporary Internet Files\Content.IE5\C5MRKLAZ\MediaAccK[1].exe
 
Joined
Sep 7, 2004
Messages
49,014
Print this and boot to safe mode (Start tapping F8 at the first black screen after power up)
Fix these with HJT

O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\PROGRAM FILES\STARWARE\BIN\STARWARE.DLL

O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\PROGRAM FILES\STARWARE\BIN\STARWARE.DLL

O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe

View Hidden Files
Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files".
Uncheck hide extensions
Now click "Apply to all folders", Click "Apply" then "OK"

Delete these files

C:\WINDOWS\SYSTEM\ide21201.vxd
C:\WINDOWS\SYSTEM\lidoj0dp.dll
C:\WINDOWS\SYSTEM\rvgm6ud9.exe
C:\WINDOWS\SYSTEM\ud8ikus1.exe
C:\WINDOWS\Downloaded Program Files\popcaploader.dll
C:\WINDOWS\Downloaded Program Files\popcaploader.inf
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\berqtez.exe
C:\WINDOWS\1n29bheo.exe
C:\My Download Files\edow.exe
C:\Temp\ - all files and folders

Delete these folders

C:\PROGRAM FILES\MEDIA ACCESS
C:\PROGRAM FILES\STARWARE

In IE – TOOLS - OPTIONS – Delete Files

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Empty the recycle bin

Boot

To be extra safe, let's do this

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/
· Install ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido
· It will prompt you to update click the OK button and it will go to the main screen
· On the left side of the main screen click update
· Click on Start and let it update.
· DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:

Run Ewido:
· Click on scanner
· Put a check by the following before you scan:
o Binder
o Crypter
o Archives
· Click the Start Scan button to start the scan.
· During the scan it will prompt you to clean files, click OK
· When the scan is finished, look at the bottom of the screen and click the Save report button.
· Save the report to your desktop
Post that log

Please give feedback on what worked/didn’t work and the current status of your system
 

Victorina

Thread Starter
Joined
Dec 31, 2003
Messages
14
After reading your 4.44 pm post today, I find I have a question regarding your instructions. In the first paragraphs, you instruct to boot to safe mode and fix listed problems with HJT. Okay, easy enough. But should I then reboot in regular mode to proceed with the View Hidden Files instructions?? It appears that at some point I should be back in regular mode (if that's what you call it), as further on you instruct me to restart the computer in Safe Mode again. Please note that I will need every single thing spelled out step by step, because my computer savvy is pretty much limited to games, email, Word documents and some net surfing. It's a sad thing, to be sure, and further proof of how much I am in need of your help today. I most appreciate your patience with what is undoubtedly a doofus question but . . . . I swear, after 50 your brain begins taking periodic vacations no matter how hard you fight it.
 
Joined
Sep 7, 2004
Messages
49,014
Where I say Boot, that is to normal mode - you need to be in normal mode to get that new app, and then it runs best in safe mode

I'm pushing 58 - tell me about it!!!!!!!!!!!
 