MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: Problem with dialer
June 16, 2019, 05:09:41 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
June 16, 2019, 05:09:41 AM

Login with username, password and session length
 
News
New  Check out our improved Download section for tons of software....
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: Problem with dialer  (Read 1371 times)
L.G.
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 22


Bookmark and Share

View Profile
« on: November 09, 2004, 09:01:41 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version:
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages:



Hi. I have the problem with WebSiteViewer. When the system starts, the dialer named 'teeenz' starts itself and place treir icons on a desktop and the start menu. I tried a lot of times to clean it, but with no luck. At least I decide to ask you for help.

Here is hijack's scan log:

Logfile of HijackThis v1.98.2
Scan saved at 15:37:57, on 2004.11.05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\CAPRPCS.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\MS32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\MSDE\BINN\SQLMANGR.EXE
C:\WINDOWS\SYSTEM\CAPPSW.EXE
C:\MSDE\BINN\SQLSERVR.EXE
C:\WINDOWS\SYSTEM\CAPPSW.EXE
C:\WINDOWS\SYSTEM\CAPPSW.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WEBSITEVIEWER\123758.DLR
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://freednshost.info/page/
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://freednshost.info/page/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://freednshost.info/page/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://0cj.net/cat
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lrytas.lt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://0cj.net/cat
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://0cj.net/cat
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://0cj.net/srchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://0cj.net/srchasst.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://0cj.net/srchasst.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://0cj.net/srchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://0cj.net/cat
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {E8BE8374-0C04-486A-93B9-A423EE65E241} - (no file)
O2 - BHO: (no name) - {081EB35F-4619-42E5-B9D4-FF23E9F919E7} - C:\WINDOWS\SYSTEM\GOFJCAA.DLL (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [System Backup] ms32.exe
O4 - HKLM\..\Run: [Atikey] Atitask.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\SYSTEM\CAPON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - Startup: Canon LBP-810 Status Window.lnk = C:\WINDOWS\SYSTEM\CAPPSW.EXE
O4 - Startup: Service Manager.lnk = C:\MSDE\Binn\sqlmangr.exe
O4 - Startup: SQL Server.lnk = C:\MSDE\Binn\scm.exe
O9 - Extra button: (no name) - {2BF6CEC9-A099-4D97-AD5A-EAB9CAB33AAE} - http://213.159.118.226/Refinancing+My+Mortgage.html (file missing)
O9 - Extra 'Tools' menuitem: Refinancing My Mortgage - {2BF6CEC9-A099-4D97-AD5A-EAB9CAB33AAE} - http://213.159.118.226/Refinancing+My+Mortgage.html (file missing)
O9 - Extra button: (no name) - {126549C1-FEA0-45F2-9B59-BB1A9C656CF6} - http://213.159.118.226/Home+Equity+Loan.html (file missing)
O9 - Extra 'Tools' menuitem: Home Equity Loan - {126549C1-FEA0-45F2-9B59-BB1A9C656CF6} - http://213.159.118.226/Home+Equity+Loan.html (file missing)
O9 - Extra button: (no name) - {DFF58067-27CB-458D-8995-8F7C0D78C362} - http://213.159.118.226/Incorporate.html (file missing)
O9 - Extra 'Tools' menuitem: Incorporate - {DFF58067-27CB-458D-8995-8F7C0D78C362} - http://213.159.118.226/Incorporate.html (file missing)
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {C0A63B86-4B21-11D3-BD95-D426EF2C7949} (:-) VideoSoft FlexGrid 7.0 (Light)) - http://www.ses.lt/sesweb/vsflex7l.ocx
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.59.0.1,212.59.0.2
O18 - Filter: text/html - {F2A95B19-C7FF-4059-9CFC-49CC1283CD95} - C:\WINDOWS\SYSTEM\GOFJCAA.DLL
O18 - Filter: text/plain - {F2A95B19-C7FF-4059-9CFC-49CC1283CD95} - C:\WINDOWS\SYSTEM\GOFJCAA.DLL

Thank You in advance for ahelp.
Logged

 
jvic
Visiting Administrator
Hero Member
*****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 1238


Bookmark and Share

View Profile
« Reply #1 on: November 09, 2004, 11:11:14 PM »

First go to start<settings<control panel<add and remove programs and uninstall

WEBSITEVIEWER

Run hijack this and fix the following:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://freednshost.info/page/
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://freednshost.info/page/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://freednshost.info/page/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://0cj.net/cat
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lrytas.lt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://0cj.net/cat
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://0cj.net/cat
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://0cj.net/srchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://0cj.net/srchasst.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://0cj.net/srchasst.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://0cj.net/srchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://0cj.net/cat
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {E8BE8374-0C04-486A-93B9-A423EE65E241} - (no file)
O2 - BHO: (no name) - {081EB35F-4619-42E5-B9D4-FF23E9F919E7} - C:\WINDOWS\SYSTEM\GOFJCAA.DLL (file missing)
O4 - HKLM\..\Run: [System Backup] ms32.exe
O9 - Extra button: (no name) - {2BF6CEC9-A099-4D97-AD5A-EAB9CAB33AAE} - http://213.159.118.226/Refinancing+My+Mortgage.html (file missing)
O9 - Extra 'Tools' menuitem: Refinancing My Mortgage - {2BF6CEC9-A099-4D97-AD5A-EAB9CAB33AAE} - http://213.159.118.226/Refinancing+My+Mortgage.html (file missing)
O9 - Extra button: (no name) - {126549C1-FEA0-45F2-9B59-BB1A9C656CF6} - http://213.159.118.226/Home+Equity+Loan.html (file missing)
O9 - Extra 'Tools' menuitem: Home Equity Loan - {126549C1-FEA0-45F2-9B59-BB1A9C656CF6} - http://213.159.118.226/Home+Equity+Loan.html (file missing)
O9 - Extra button: (no name) - {DFF58067-27CB-458D-8995-8F7C0D78C362} - http://213.159.118.226/Incorporate.html (file missing)
O9 - Extra 'Tools' menuitem: Incorporate - {DFF58067-27CB-458D-8995-8F7C0D78C362} - http://213.159.118.226/Incorporate.html (file missing)
O18 - Filter: text/html - {F2A95B19-C7FF-4059-9CFC-49CC1283CD95} - C:\WINDOWS\SYSTEM\GOFJCAA.DLL
O18 - Filter: text/plain - {F2A95B19-C7FF-4059-9CFC-49CC1283CD95} - C:\WINDOWS\SYSTEM\GOFJCAA.DLL

Boot to safe mode making sure you can see hidden files and folders


How To Boot Into SafeMode

How To Show Hidden Files And Folders


Delete

C:\WINDOWS\SYSTEM\MS32.EXE
C:\PROGRAM FILES\WEBSITEVIEWER\123758.DLR

Reboot and post a new hjt log
Logged

John Vickers
L.G.
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 22


Bookmark and Share

View Profile
« Reply #2 on: November 11, 2004, 09:33:50 PM »

Dear John,

Good day.
At first thank you for help! I think I was able to repair it with your help. Now my scan log looks like that:

Logfile of HijackThis v1.98.2
Scan saved at 10:44:07, on 2004.11.11
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\CAPRPCS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\MSDE\BINN\SQLMANGR.EXE
C:\WINDOWS\SYSTEM\CAPPSW.EXE
C:\WINDOWS\SYSTEM\CAPPSW.EXE
C:\MSDE\BINN\SQLSERVR.EXE
C:\WINDOWS\SYSTEM\CAPPSW.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Atikey] Atitask.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\SYSTEM\CAPON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - Startup: Canon LBP-810 Status Window.lnk = C:\WINDOWS\SYSTEM\CAPPSW.EXE
O4 - Startup: Service Manager.lnk = C:\MSDE\Binn\sqlmangr.exe
O4 - Startup: SQL Server.lnk = C:\MSDE\Binn\scm.exe
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {C0A63B86-4B21-11D3-BD95-D426EF2C7949} (:-) VideoSoft FlexGrid 7.0 (Light)) - http://www.ses.lt/sesweb/vsflex7l.ocx
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.59.0.1,212.59.0.2
Logged

 
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page June 14, 2019, 02:36:29 PM