# I can't seem to get rid of file called TV MEDIA



## ecpool (Jun 5, 2002)

I've tried Ad-aware 6.0 . Hijackthis doesn't remove it. I ran my virus program but that didn't help. Here is my Hijackthis report.

Logfile of HijackThis v1.96.1
Scan saved at 8:25:18 AM, on 5/22/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS.001\SYSTEM\KERNEL32.DLL
C:\WINDOWS.001\SYSTEM\MSGSRV32.EXE
C:\WINDOWS.001\SYSTEM\MPREXE.EXE
C:\WINDOWS.001\SYSTEM\mmtask.tsk
C:\WINDOWS.001\EXPLORER.EXE
C:\WINDOWS.001\RUNDLL32.EXE
C:\WINDOWS.001\SYSTEM\PSTORES.EXE
C:\WINDOWS.001\SYSTEM\DDHELP.EXE
C:\WINDOWS.001\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\WINDOWS.001\Application Data\Mozilla\Profiles\default\pw9wxa7a.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\WINDOWS.001\Application Data\Mozilla\Profiles\default\pw9wxa7a.slt\prefs.js)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS.001\scanregw.exe /autorun
O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
O4 - HKLM\..\Run: [sysbot] c:\windows.001\system\sysbot.exe
O4 - HKCU\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38091.6520833333
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - http://mirror.worldwinner.com/games/v46/collapse/collapse.cab
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - http://www.riffinteractive.com/setup/RiffLick.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab


----------



## Rollin' Rog (Dec 9, 2000)

Restart the computer in Safe Mode: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

>> In Safe Mode run HijackThis and check and fix the following entries:

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll

O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
O4 - HKLM\..\Run: [sysbot] c:\windows.001\system\*sysbot.exe*
O4 - HKCU\..\Run: [TV Media] C:\*TV MEDIA*\TVM.EXE

Then manually delete the bolded files or folders above. Sysbot may be "hidden" so you should ensure "show all files" is enabled in Folder Options > View.

PS: HijackThis should be kept in its own folder rather than directly on the desktop since it will create backups in that folder.


----------



## Digit (Jul 5, 2004)

Removal Intructions
http://creightonbrown.geek.nz/content/ideas_tweaks.asp


----------

