Bullguard Antivirus Forum Download A Free Copy Of Bullguard Antivirus Software
Free Antivirus Forum - Learn about antivirus, firewalls and personal security Free Antivirus Forum - Learn about antivirus, firewalls and personal security
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
Need help popups
   
BullGuard Antivirus Forum > Virus Removal > Removal Help > Need help popups  
Forum Quick Jump
 
New Topic Post reply to : Need help popups Printable version of : Need help popups
[ << Previous Thread | Next Thread >> ]

dc5k2os
New Member


Date Joined Apr 2006
Total Posts : 8
  		   Posted 4-18-2006 3:35 (GMT +1)    Quote: Need help popupsAlert an admin about: Need help popups
ive recently caugth a freeprod and i deleted i thought. i am still having popups. here is my log
 
Logfile of HijackThis v1.99.1
Scan saved at 7:31:14 PM, on 4/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Vin Laden\My Documents\edw scan\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\Vin Laden\My Documents\edw scan\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\AOL\1131301977\ee\aolsoftware.exe
c:\program files\common files\aol\1131301977\ee\aexplore.exe
C:\Program Files\HijackThis 1.99.1\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\wqxik.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ilemuju.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [w0cfd36e.dll] RUNDLL32.EXE w0cfd36e.dll,I2 0007211e00cfd36e
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [curwl] C:\WINDOWS\system32\gggekd.exe reg_run
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\m482lelo1hqc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Vin Laden\My Documents\edw scan\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Documents and Settings\Vin Laden\My Documents\edw scan\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\etlbqed.exe (file missing)
Back to Top
 

rpggamergirl
Forum Moderator




Date Joined Dec 2005
Total Posts : 1530
  		   Posted 4-18-2006 3:57 (GMT +1)    Quote: Need help popupsAlert an admin about: Need help popups
dc5k2os,

Your system is heavily infected!

Please follow every instructions and download all the tools mentioned.
1. download Look2Me-Destroyer.exe to your desktop.
http://www.atribune.org/ccount/click.php?id=7
Close all windows before continuing.
Double-click "Look2Me-Destroyer.exe" to run it.
Put a check next to "Run this program as a task".
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
When Look2Me-Destroyer re-opens, click the "Scan for L2M" button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the "Remove L2M" button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
Turn your computer back on.

Please post the contents of C:\Look2Me-Destroyer.txt
 
If you receive a message from your firewall about this program accessing the internet please allow it.
 
If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
 
--------------------------------------------------------------------------------- 
2. Download Brute Force Uninstaller
http://www.merijn.org/files/bfu.zip
Unzip it to its own folder (c:\BFU)
 
Then download Alcra Remover:
http://metallica.geekstogo.com/alcanshorty.bfu
Save it in the folder you made earlier (c:\BFU).
Open My Computer and navigate to the c:\BFU folder.
Start the Brute Force Uninstaller by doubleclicking "BFU.exe"
In the scriptline to execute field copy and paste

c:\bfu\alcanshorty.bfu

Press "execute" and let it do it’s job.
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.
 
---------------------------------------------------------------------------------
3. Download qoofix.bat:(you must place qoofix.bat inside the C:\BFU folder for this to work)
http://downloads.subratam.org/Lon/qooFix.bat
Place qoofix.bat in your C:\BFU - folder. (Important!)
Doubleclick "qooFix.bat", Close all browsers and explorer folders.
Choose option 1 (Qoolfix autofix) and follow the prompts.
Please be patient, it will take about five minutes.
 
Let me know if you have problems running any of those batchfiles.
 
After the PC has restarted please post another hijackthis log

Can't post nor return messages on Apr. 22 to 29.
 
~Check out Tony Klein's article "How Did I Get Infected in the First Place?"
http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I

Back to Top
 

dc5k2os
New Member


Date Joined Apr 2006
Total Posts : 8
  		   Posted 4-19-2006 1:57 (GMT +1)    Quote: Need help popupsAlert an admin about: Need help popups
Logfile of HijackThis v1.99.1
Scan saved at 5:56:15 PM, on 4/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Vin Laden\My Documents\edw scan\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\Vin Laden\My Documents\edw scan\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\HijackThis 1.99.1\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [w0cfd36e.dll] RUNDLL32.EXE w0cfd36e.dll,I2 0007211e00cfd36e
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [curwl] C:\WINDOWS\system32\gggekd.exe reg_run
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Vin Laden\My Documents\edw scan\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Documents and Settings\Vin Laden\My Documents\edw scan\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\etlbqed.exe (file missing)
Back to Top
 

rpggamergirl
Forum Moderator




Date Joined Dec 2005
Total Posts : 1530
  		   Posted 4-19-2006 2:55 (GMT +1)    Quote: Need help popupsAlert an admin about: Need help popups
Is it too much to ask for a feedback? :)
Something in the line of  "I did what you suggested but..." or  "I did everything except...." or "My computer is getting worse" or "it's still the same"
I need feedbacks!!!, especially when what I expect to happen did not happen, to see why the tool did not work!
 
Alcan worm is still showing in your log, I could assumed that you did not run the BFU, or I could assumed that something went wrong during the scan and it failed to work.

What I have here is just your Hijackthis log talking to me and its saying alcan worm is still there!
I can't fix a problem with just assumation.
I could also just ignore your topic, but I want to finish what I've started :)
 
Please fix these entries in Hijackthis:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [w0cfd36e.dll] RUNDLL32.EXE w0cfd36e.dll,I2 0007211e00cfd36e
O4 - HKCU\..\Run: [curwl] C:\WINDOWS\system32\gggekd.exe reg_run
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\etlbqed.exe (file missing)
 
 
Delete these folders/files:(In Safe Mode, showing hidden files and folders)
C:\Program Files\Toolbar888
C:\Program Files\outlook <-- this is not the MS outlook trust me! BFU was supposed to take care of this one.
C:\WINDOWS\System32\w0cfd36e.dll <-- this is a nasty one make sure it's gone.
C:\WINDOWS\system32\gggekd.exe
 
 
Do this if 023 entry line that you fix in Hijackthis comes back:
Go to START > RUN > type in

services.msc
 
In the next window, look on the right hand side for this service name:
Windows Overlay Components
Double click on it and STOP the service
In the drop down menu, change the startup type to "Disabled"
 

Open Hijackthis > Open Misc Tools Section > Open" Delete an NT Service"
In the new window, copy and paste or type the following in bold into the Open field and hit OK
Windows Overlay Components

Post a new Hijackthis log for review please.

Can't post nor return messages on Apr. 22 to 29.
 
~Check out Tony Klein's article "How Did I Get Infected in the First Place?"
http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I

Back to Top
 

dc5k2os
New Member


Date Joined Apr 2006
Total Posts : 8
  		   Posted 4-20-2006 5:34 (GMT +1)    Quote: Need help popupsAlert an admin about: Need help popups
lol sorry rpggirl. yea my computer is fine now. thank you so much but i guess i still have something wrong from what you said in the previous post.

i am not sure what you mean buy fixing this
Please fix these entries in Hijackthis:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [w0cfd36e.dll] RUNDLL32.EXE w0cfd36e.dll,I2 0007211e00cfd36e
O4 - HKCU\..\Run: [curwl] C:\WINDOWS\system32\gggekd.exe reg_run
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\etlbqed.exe (file missing)


sorry i am not good with computers.=)
Back to Top
 

dc5k2os
New Member


Date Joined Apr 2006
Total Posts : 8
  		   Posted 4-20-2006 5:42 (GMT +1)    Quote: Need help popupsAlert an admin about: Need help popups
o nvm i think i got it girl. ill let u kno how it goes.=)
Back to Top
 

rpggamergirl
Forum Moderator




Date Joined Dec 2005
Total Posts : 1530
  		   Posted 4-20-2006 5:43 (GMT +1)    Quote: Need help popupsAlert an admin about: Need help popups
OK, I kinda going for shortcut sorry :)
Here's what I meant:
Please run Hijackthis again and put a check next to these entries(if still present):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [w0cfd36e.dll] RUNDLL32.EXE w0cfd36e.dll,I2 0007211e00cfd36e
O4 - HKCU\..\Run: [curwl] C:\WINDOWS\system32\gggekd.exe reg_run
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\etlbqed.exe (file missing)

Then close all browsers and windows (except Hijackthis) and click "Fix Checked" button, for hijackthis to fix the entries that you've checked.
then follow the rest of the instructions that I posted before, like deleting the files etc.
Let us know if problem persist or if you have any questions, just ask.


Can't post nor return messages on Apr. 22 to 29.
 
~Check out Tony Klein's article "How Did I Get Infected in the First Place?"
http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I

Back to Top
 
New Topic Post reply to : Need help popups Printable version of : Need help popups
 
Forum Information
Currently it is Tuesday, January 06, 2009 1:53 PM (GMT +1)
There are a total of 65.861 posts in 16.164 threads.
In the last 3 days there were 21 new threads and 85 reply posts. View Active Threads
Who's Online
This forum has 27758 registered members. Please welcome our newest member, Nards.
53 Guest(s), 0 Registered Member(s) are currently online.  Details
5 Latest Threads
Have I a machine infection? (8)06-01-2009 12:42:25 (Geekguy)
How to restore missing control panel and properties (0)06-01-2009 12:30:09 (Nards)
Google Redirect Virus - Stubborn Version!!! (11)06-01-2009 12:24:11 (DaveWales)
Please help with my Hijackthis log (6)06-01-2009 12:13:33 (iwanttofly4)
Trouble accessing ColdFusion pages!? (3)06-01-2009 10:35:35 (Alin Vlad)


Need Support? Write to: | Forum Help Manual

Download free trial version of Bullguard