Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
When I go to websites, there is a thick green line under some words and you can click on that word to find out more info, but the thing is, this was never there until today, I can't seem to figure out how to get rid of it, it's on all websites I go to. I've also been getting ALOT of pop up ads when I never really got that many before.
I don't know if this is part is just me or not, but when I use google.com, I get loads of ads coming up about whatever I searched for and the search results don't come back like they used to (i.e the things you searched for in bold) it just comes back as links where to search for it again, but when I use google.co.uk it's fine, except all the ads again.
I've done a virus check, which was fine and I've done a Spybot Search and Destroy thing which said there was 51 problems and then it fixed it, but I still have these annoying green lines and tons of ads.
Thank you for any help and sorry if I have posted this in the wrong forum.
Hi Shona,
Do you mean certain words like on computing.net, for example on your post, the words popup and virus are in green and underlined?
Anyway try these programs too, they're very effective when kept regularly updated: -
If the problem still persists than download HijackThis, put it in a separate folder, scan with it and post a log here.ER4S3R.
Hope That Helps.____________________________________________
### Nobody believes the official spokesman, but everybody trusts an unidentified source ###
0 
Thank you very much!
I did the HijackThis but the results confused me, then I did the CWShredder and it fixed the problem, no more green lines now and google is back to normal!
Thanks again.
0
No problem Shona. :-D
Nice to hear things worked out, sounds like you had a CoolWebSearch infection, these guys really seem to be going all-out this year.
Btw using HijackThis.exe is very simple, for future use: -
1. Just double-click HijackThis.exe;
2. Click scan;
3. Click the save log button;
4. You should now have a hijackthis.log file;
5. Open it, copy everything;
6. Paste this as a post on a forum for us to have a look and suggest fixes.
NB: Always keep HijackThis.exe in a separate folder (easy to undo changes) and make sure you do not fix anything by yourself that you are not sure about.
ER4S3R.
Have a nice day.
_________________________________________
### Nobody believes the official spokesman, but everybody trusts an unidentified source ###
0
ER4S3R has given you some good advice. Now that you have got rid of the problem you should protect yourself. Go here
D4
0
ER4S3R - your info has helped me a lot.
I'm having the same problem as the poster of this thread did.
It seems like I can't open one regular browser window w/o it opening 1 and sometimes many more. Also, general words like "car, job, travel, etc" are coming up underlined in green and when clicked on go to some search site!I have windows ME which I know sucks but I've really had enough with these problems.
I ran CWshredder and it found several things which I repaired but even after that - I am still having pop-ups even with a pop-up blocker!
I dl'ed hijack this and ran it and I'm sending you a log of my results w/o touching anything, if you could review it and let me know what to fix that would be terrific....I'm just glad that I found *some* information about this.
It is driving me nuts!
Hijack this log:
Logfile of HijackThis v1.97.7
Scan saved at 4:46:40 PM, on 5/24/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\SSDPSRV.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\ESOFT\EBOARD\EBOARD.exe
C:\WINDOWS\LOADQM.exe
C:\WINDOWS\SYSTEM\INTERNAT.exe
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.exe
C:\WINDOWS\SYSTEM\LVCOMS.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.exe
C:\WINDOWS\SYSTEM\QTTASK.exe
C:\WINDOWS\DHBRWSR.exe
C:\PROGRAM FILES\NIKON\NKVIEW6\NKVMON.exe
C:\PROGRAM FILES\CACHEMAN\CACHEMAN.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\DHSVR.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\WINDOWS\RUNDLL32.exe
C:\WINDOWS\DESKTOP\HIJACK THIS\HIJACKTHIS.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.e4me.com/start.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://198.214.144.1
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\PROGRAM FILES\TV MEDIA\TvmBho.dll
N1 - Netscape 4: user_pref("browser.startup.homepage", "www.google.com"); (C:\Program Files\Netscape\Users\default\prefs.js)
O2 - BHO: (no name) - {2DDF68DE-4D70-221D-D114-785EBD45DD9A} - C:\windows\system\uuxmiocq.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\DEALHLPR.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} - C:\PROGRAM FILES\ZSEARCH\zSearch.dll
O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINDOWS\SYSTEM\MSKPKC.DLL
O2 - BHO: (no name) - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - C:\WINDOWS\SYSTEM\MSIBKD.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\DEALHLPR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [eMachine eBoard] C:\PROGRA~1\ESOFT\EBOARD\eBoard.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\SCANSOFT\TEXTBR~1.0\BIN\REGIST~1.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.exe TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [WebScan] C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\DEFSCANGUI.exe -k
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [tstnopcs] C:\WINDOWS\ngdsbdxb.exe
O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\AV.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [zzb] c:\Windows\System\zzb.exe
O4 - HKLM\..\Run: [svivifkf] C:\WINDOWS\svivifkf.exe
O4 - HKLM\..\Run: [DealHelperUpdate] C:\WINDOWS\DHUpdt.exe
O4 - HKLM\..\Run: [DealHelperBrwsr] C:\WINDOWS\dhbrwsr.exe
O4 - HKLM\..\Run: [zSearch] C:\PROGRAM FILES\ZSEARCH\ZSTB.exe
O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\SCANSOFT\TEXTBR~1.0\BIN\REGIST~1.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.exe
O4 - HKLM\..\RunServices: [Apache] "C:\APPSERV\APACHE\APACHE.exe" -k start -n Apache
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Cacheman] C:\PROGRA~1\CACHEMAN\Cacheman.exe
O4 - HKCU\..\Run: [WindowBlinds] C:\Program Files\Object Desktop\WindowBlinds\wbload.exe auto
O4 - HKCU\..\Run: [zzb] c:\Windows\System\zzb.exe
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msgked.exe
O4 - HKCU\..\Run: [zSearch] C:\PROGRAM FILES\ZSEARCH\ZSTB.exe
O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.exe
O4 - HKCU\..\RunServices: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\RunServices: [Cacheman] C:\PROGRA~1\CACHEMAN\Cacheman.exe
O4 - HKCU\..\RunServices: [WindowBlinds] C:\Program Files\Object Desktop\WindowBlinds\wbload.exe auto
O4 - HKCU\..\RunServices: [zzb] c:\Windows\System\zzb.exe
O4 - HKCU\..\RunServices: [msmc] C:\WINDOWS\SYSTEM\msgked.exe
O4 - HKCU\..\RunServices: [zSearch] C:\PROGRAM FILES\ZSEARCH\ZSTB.exe
O4 - HKCU\..\RunServices: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.exe
O4 - Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Cacheman.lnk = C:\Program Files\Cacheman\Cacheman.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - User Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - User Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - User Startup: Cacheman.lnk = C:\Program Files\Cacheman\Cacheman.exe
O4 - User Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmtrans.html
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com/start.html
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.26/Hiwire.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37629.9481944444
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://digitalflip.biz/fvlite/fvliteY.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://forumchat.compuserve.com/applets/RTCChat.cab
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.149/code/iPIX-ImageWell-ipix.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.199/central/02030106/cccabs/CleverContent.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://66.48.68.135/save/makeover.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.originalicons.com/members/arrtv.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1435/ftp.coupons.com/v3123/cpbrkpie.cab
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
