Topic: need a little help
tomgig007
« on: October 14, 2004, 09:47:12 PM »

I've managed to get a bunch of annoying **** on my PC.  I seem to have gotten rid of most of it using Adaware and Spybot.  I'm left with an annoying dialer called website viewer 124839 and something called adshooter.  These keep reappearing.  My hijack this log follows.  Any help would be awesome.  I'm not real technical, but I should be able to follow along.

Logfile of HijackThis v1.98.2
Scan saved at 5:45:33 PM, on 10/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\dktime.exe
C:\WINDOWS\System32\?hkdsk.exe
C:\WINDOWS\System32\dktime.exe
C:\WINDOWS\SYSsfitb.exe
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\WebSiteViewer\124839.dlr
C:\Program Files\WebSiteViewer\124839.dlr
C:\WINDOWS\System32\kbdfo.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteBar\ELITEB~1.DLL (file missing)
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKLM\..\Run: [saap] c:\windows\180solutions\saap.exe
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winykc32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Neca] C:\Documents and Settings\Tom\Application Data\edho.exe
O4 - HKCU\..\Run: [Ngjwyrp] C:\WINDOWS\System32\?hkdsk.exe
O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKCU\..\Run: [kbdfo] C:\WINDOWS\System32\kbdfo.exe
O4 - HKCU\..\Run: [SYSsfitb] C:\WINDOWS\SYSsfitb.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: v2cab - http://14474.searchmiracle.com/cab/v2cab.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=714b9e99bb1ec51fadc828f5983e23109b906c2b320d9f1b39ed54699be7e97f4caf42694383070009646062296ff92e68cfba8c:eb8a1fb09d00c5943edceabcca450006
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/22462d214dc1cd7b0505/netzip/RdxIE601.cab
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB


jvic
« Reply #1 on: October 14, 2004, 11:11:02 PM »

You've got quite a few problems. I am at work right now and can't check your log, but you could start by going to Start > Settings > Control Panel > Add and Remove Programs and uninstall Website Viewer. Also download and run Adaware. Make sure you have the new version, SE 1.0.5:
www.lavasoftusa.com
Run HijackThis again and post a new log and I will check it after 11pm.
« Last Edit: October 14, 2004, 11:17:46 PM by jvic »

John Vickers
tomgig007
« Reply #2 on: October 15, 2004, 12:32:03 AM »

thanks jvic

Website viewer doesn't show up when I go to add / remove programs.  It puts a file named "website viewer" in program files, a file named "124839" in C:, and an icon on my desktop that says "Free XXX". It pops up a window that asks me to choose a country.

I updated adaware and ran it.  It found 205 new files, and was able to delete all but 7.  I rebooted and ran it again, it found 8 files and seemed to delete them all.

My new HJT looks like this:

 Logfile of HijackThis v1.98.2
Scan saved at 8:20:20 PM, on 10/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\?hkdsk.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\kbdfo.exe
C:\Program Files\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteBar\ELITEB~1.DLL (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [saap] c:\windows\180solutions\saap.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Neca] C:\Documents and Settings\Tom\Application Data\edho.exe
O4 - HKCU\..\Run: [Ngjwyrp] C:\WINDOWS\System32\?hkdsk.exe
O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKCU\..\Run: [kbdfo] C:\WINDOWS\System32\kbdfo.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/22462d214dc1cd7b0505/netzip/RdxIE601.cab
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB

Thanks again in advance
jvic
« Reply #3 on: October 15, 2004, 03:31:53 AM »

First Disable System Restore


Using System Restore Windows XP



Run hijack this and fix the following:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteBar\ELITEB~1.DLL (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime {THIS ONE IS OPTIONAL BUT IS CONSIDERED A RESOURCE HOG}

O4 - HKLM\..\Run: [saap] c:\windows\180solutions\saap.exe
O4 - HKCU\..\Run: [Ngjwyrp] C:\WINDOWS\System32\?hkdsk.exe
O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKCU\..\Run: [kbdfo] C:\WINDOWS\System32\kbdfo.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/22462d214dc1cd7b0505/netzip/RdxIE601.cab
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB

Boot to safe mode making sure you can see hidden files and folders


How To Boot Into SafeMode

How To Show Hidden Files And Folders

* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Click Yes to confirm.
* Click OK.

Delete the following:

C:\WINDOWS\System32\?hkdsk.exe
C:\WINDOWS\System32\kbdfo.exe
C:\WINDOWS\System32\dktime.exe
c:\windows\180solutions
C:\WINDOWS\EliteBar

Reboot and post a new hijack this log

« Last Edit: October 15, 2004, 03:34:08 AM by jvic »

John Vickers
tomgig007
« Reply #4 on: October 15, 2004, 11:21:34 AM »

jvic, you da man
I think everything went OK, although it looks like some of the files that I deleted are back and running.  Here's my new HJT log:

Logfile of HijackThis v1.98.2
Scan saved at 7:15:40 AM, on 10/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [saap] c:\windows\180solutions\saap.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Neca] C:\Documents and Settings\Tom\Application Data\edho.exe
O4 - HKCU\..\Run: [kbdfo] C:\WINDOWS\System32\kbdfo.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

jvic
« Reply #5 on: October 15, 2004, 11:33:50 AM »

OK, let's try this. Download
CWSHREDDER

Do not run it just yet. Fix this one with HijackThis:
O4 - HKLM\..\Run: [saap] c:\windows\180solutions\saap.exe
Boot into safe mode
and delete this folder:
 c:\windows\180solutions
Now close all browser windows, open cwshredder.exe,
then click "Fix" and let it run.
Reboot and post a new log.
« Last Edit: October 15, 2004, 11:40:49 AM by jvic »

John Vickers
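
The comparison between the fix list in Reply #3 and the follow-up log in Reply #4, as an added example (not part of the original posts): a small Python script that parses HijackThis entry lines and reports which entries selected for fixing are still present in the next log. The sample lines are excerpts copied from the logs above; the function names are made up for this example.

```python
import re

# HijackThis entry lines start with a section code (R0, O4, O16, ...)
# followed by " - " and the entry text. Header lines and the
# "Running processes" paths do not have that shape and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# O4 registry autostarts: "<hive>\..\<key>: [<value name>] <command>"
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")

# Excerpt of the fix list from Reply #3 (copied from this thread).
FIX_LIST = r"""
O4 - HKLM\..\Run: [saap] c:\windows\180solutions\saap.exe
O4 - HKCU\..\Run: [Ngjwyrp] C:\WINDOWS\System32\?hkdsk.exe
O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKCU\..\Run: [kbdfo] C:\WINDOWS\System32\kbdfo.exe
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
"""

# Excerpt of the follow-up log from Reply #4 (copied from this thread).
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [saap] c:\windows\180solutions\saap.exe
O4 - HKCU\..\Run: [Neca] C:\Documents and Settings\Tom\Application Data\edho.exe
O4 - HKCU\..\Run: [kbdfo] C:\WINDOWS\System32\kbdfo.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""


def parse_entries(log_text):
    """Map (section, normalized text) -> original text for each entry line.

    Normalization collapses runs of whitespace and lower-cases the text,
    so differences in path case or spacing do not hide a match.
    """
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            text = " ".join(m.group(2).split())
            entries[(m.group(1), text.lower())] = text
    return entries


def persisted(fix_list, followup_log):
    """Entries selected for fixing that still appear in the follow-up log."""
    wanted = parse_entries(fix_list)
    seen = parse_entries(followup_log)
    return [(key[0], seen[key]) for key in sorted(wanted.keys() & seen.keys())]


def autostart_targets(entries):
    """For O4 registry autostart entries, return (hive, value name, command).

    These are the registry values and files to re-check by hand; other
    O4 forms (e.g. "Global Startup") are not registry values and are skipped.
    """
    targets = []
    for section, text in entries:
        m = RUN_RE.match(text) if section == "O4" else None
        if m:
            targets.append((m.group(1), m.group(3), m.group(4)))
    return targets


if __name__ == "__main__":
    survivors = persisted(FIX_LIST, FOLLOWUP_LOG)
    for section, text in survivors:
        print(f"still present: {section} - {text}")
    for hive, name, command in autostart_targets(survivors):
        print(f"re-check {hive} Run value '{name}' -> {command}")
```

Run against the full pasted logs instead of the excerpts, the same functions list every fixed entry that came back after the reboot.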
tomgig007
« Reply #6 on: October 15, 2004, 12:46:54 PM »

Dang, you're fast.  I'm at work now so I can't mess with it. I will do as you instructed and repost this evening.  Again, thanks for the help.
tomgig007
« Reply #7 on: October 16, 2004, 02:59:17 AM »

I fixed the 180solutions file in HJT, it did not show up in C:\Windows.  Ran cwshredder, everything seems back to normal.  Here is my HJT log:

Logfile of HijackThis v1.98.2
Scan saved at 10:53:15 PM, on 10/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Neca] C:\Documents and Settings\Tom\Application Data\edho.exe
O4 - HKCU\..\Run: [kbdfo] C:\WINDOWS\System32\kbdfo.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

jvic
« Reply #8 on: October 16, 2004, 03:20:44 AM »

Your log looks good now.

John Vickers
tomgig007
« Reply #9 on: October 16, 2004, 12:28:11 PM »

Awesome!  Many, many thanks.