Technology Adware problems.

[Illuminattile]

Like I said, dm***.exe is part of Wareout.

Run ewido again in Safe Mode, see if it cleans it up. ewido can and should remove it.

Win2help.dll isn't an important system file, so you need to get rid of that too. If ewido doesn't remove it when you scan in Safe Mode, download Killbox (in the Knowledge Base), and copy the file location into there. It'll delete it on start-up.

 

[Bobby Sands]

When i run ewido in safe mode it showsup new results with errors in fixing.

Also,should i be running 3 anti spyware programs at once or does it matter?

 

[Illuminattile]

When i run ewido in safe mode it showsup new results with errors in fixing.

Also,should i be running 3 anti spyware programs at once or does it matter?

Doesn't really matter, but they can get in each others way. I wouldn't run scans with all three simultaneously, though. Let one fix what it can, then run another to pick up anything the first missed etc.

 

[Bobby Sands]

Also,ive downloaded killbox.What should i do with it?

 

[Illuminattile]

Run it, find the dm***.exe file and copy the location (C:\Windows\System 32\dmckh.exe or whatever it is) and then hit the "Delete file" button (the red circle with a white cross in it).

 

[Bobby Sands]

I selected delete on reboot.Does that matter?

 

[Bobby Sands]

File is gone now anyway.but shit is worse now.When im viewin this page for example the page switches every minute.Thats why ive to post quick in seperate posts.

 

[Bobby Sands]

In microsoft anti-spyware beta,when i go to tools,advanced tools,system explorers and then to windows hosts files.There are a load of adware entries there and i cant remove or block them.This must be the problem.?

 

[Bobby Sands]

http://www.windowsdevcenter.com/pub/a/windows/2004/03/30/hosts.html


I did what it said to do on the site,but thats not workin either.I downloaded those adware host file lists.Does this even work?

 

[Illuminattile]

Post a screenshot of the Hosts section Microsoft Anti-Spyware

 

[Bobby Sands]

There are two many entries to take a screenshot but here is what is contained at:c:\\Windows\System32\drivers\etc\hosts

http://s56.yousendit.com/d.aspx?id=1XBIS4YL5ZOZ80N84IHEMWR86H


Its a notepad file.

 

[Bobby Sands]

Btw,that is after i downloaded from the site i mention in my other post.

 

[Illuminattile]

That's just the hosts file you downloaded, which is configured to block ads (hence all the ad sites being listed in there). There's nothing wrong with that host file.

 

[Bobby Sands]

Yea,i know but there are still some sites re-directing me.meanin there is still stuff on my comp.rite.?

 

[Bobby Sands]

There doesnt seem to be any way of fixin this.

 

[Bobby Sands]

This is contained in my prefetch folder:ikernal.exe.

Should that be there?

 

[Bobby Sands]

also:acstart16.exe

 

[Illuminattile]

Both fine.

ikernal is InstallShield
acstart16 is AutoCAD

Are you using Internet Explorer?

 

[Bobby Sands]

No,im usin Firefox for about 2 months now.

What about this?

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup


Is the NvCpl.dll ok?I was searching on processlibrary.com for these exe files and dlls.

For NvCpl.dll,it sayes:

Process File: NVCPL.EXE
Process Name: W32.SpyBot.S Worm

Description: NVCPL.EXE is a process which is registered as the W32.SpyBot.S Worm. It takes advantage of the Windows LSASS vulnerability, which creates a buffer overflow and instigates your computer to shut down. To see more information about this vulnerability please look at the following Microsoft bulletin: http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

This is a registered security risk and should be removed immediately. Please see additional details regarding this process

 

[Bobby Sands]

Its just Nvidia is it?