|
4 Sep 2004, 01:04
|
#1
|
edited for readability
Join Date: Feb 2003
Location: for something...
Posts: 1,207
|
Hijack this Help.
Logfile of HijackThis v1.98.2
Scan saved at 7:51:58 PM, on 9/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Paragon Software\Paragon CD-ROM Emulator\tray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Michael\Desktop\hjtlog.exe
c:\hijackthis\hijackthis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe"
)_)_)_)_)_)_)_)
That is the bit I get back after I run HijackThis.
But let me tell you what the problem is... so maybe someone can possibly help.
I have Ad-aware, McAfee online anti-virus, and SpyBot Search and Destroy.
I have been running/scanning/running again and again for the past week, and even tried to run Ad-aware in SAFE MODE to try to get rid of this horrible spyware (WebRebatesO.exe) etc.
I have Windows XP, and use Firefox (but still have IE on my computer) (any help with uninstalling that too would be helpful).
I try to keep Windows XP updated, but I'm not sure whether I'm completely up to date with everything.
The biggest problem is that from time to time, either the start bar (at the bottom) freezes (nothing happens when I click on it) and my Firefox windows continue to work fine (as long as I don't switch from one window to another), or the start bar works and the Firefox windows don't work, and when I switch from one browser window to another, on rare occasions that freezes.
I have a P4 computer with 512 RAM.. Dell Inspiron if that helps..
Any help would be VERY VERY appreciated.
EDIT: After I try closing the WEBREBATES they open themselves up again instantly.
And from time to time, Windows resets itself.
Sounds like some sort of virus.. but McAfee smiles :-(
|
|
|
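The log in the first post can be read mechanically: each O4 line is a Run-key autostart, and comparing its target with the "Running processes" list shows which startup items are live and what else runs from the same folder. The following Python is an added example, not part of the original posts; the function names are made up here and the log lines are an excerpt copied from the post.

```python
import ntpath
import re

# Excerpt of the HijackThis log from the first post (lines copied from the page).
LOG = r"""Running processes:
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe"
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
RUN = re.compile(r'^(\S+\\Run): \[([^\]]+)\] "?([^"]+?\.exe)"?', re.I)

def parse(log):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    procs, entries, in_procs = [], [], False
    for line in (l.strip() for l in log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            procs.append(line)
    return procs, entries

def autostart_review(log):
    """Map each O4 Run entry to whether its target runs and what else runs beside it.

    Paths are compared as written, so an 8.3 name (PROGRA~1) will not match its long form.
    """
    procs, entries = parse(log)
    report = {}
    for code, body in entries:
        m = RUN.match(body) if code == "O4" else None
        if not m:
            continue
        key, name, target = m.groups()
        folder = ntpath.dirname(target).lower()
        same_dir = [p for p in procs if ntpath.dirname(p).lower() == folder]
        report[name] = {
            "key": key, "target": target,
            "target_running": target.lower() in [p.lower() for p in same_dir],
            "other_running": [p for p in same_dir if p.lower() != target.lower()],
        }
    return report
```

For the posted log this reports WebRebates0.exe as a running Run-key target with WebRebates1.exe running from the same folder but without a Run entry of its own in the lines shown, so cleanup has to cover the registry value and both executables.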
4 Sep 2004, 01:34
|
#2
|
Friendly geek of GD :-/
Join Date: Nov 2000
Location: On my metal roid
Posts: 923
|
Re: Hijack this Help.
Different things to try:
- Try to end the processes WebRebates0.exe and 1.exe. Be QUICK, if they restart each other.
Do try to kill them using Windows Task Manager. Press [CTRL] + [SHIFT] + [ESC], switch to processes, and remove them.
Then try to delete the folder C:\Program Files\Web_Rebates.
- Make sure Ad-Aware, Spybot Search and McAfee are up2date. As well as your Windows. Go to http://windowsupdate.microsoft.com, choose the "advanced / expert configuration", not "express". Download and install critical updates (but not SP2 if you don't know what you're doing).
- Try to disable automatic system restore. Press [WIN-Key] + [PAUSE], go to tab System Restore, and enable "Deactive for all drives". Then do the scanning with all your programs. Restart. Repeat maybe. If successful, don't forget to re-enable (i.e. turn off) that option again.
- Restart, boot to safe mode (keep hitting F8 right after turning on your pc, after a menu appears). Try deleting C:\Program Files\Web_Rebates.
- Report back.
__________________
[ »] Entropy increases! :-/
|
|
|
4 Sep 2004, 01:53
|
#3
|
Godfather
Join Date: May 2000
Location: England
Posts: 5,185
|
Re: Hijack this Help.
http://www.kephyr.com/spywarescanner/
get that
search after you update it.
click on whatever it finds (it's instant) and then follow the instructions on how to remove.
__________________
Forum Administrator
Mail : [email protected] // IRC : #forums
__________________
It's not personal, it's just business.
|
|
|
4 Sep 2004, 01:56
|
#4
|
edited for readability
Join Date: Feb 2003
Location: for something...
Posts: 1,207
|
Re: Hijack this Help.
Thank you all, and I will try that tonight. :-)
|
|
|
4 Sep 2004, 11:49
|
#5
|
Insomniac
Join Date: May 2003
Posts: 3,583
|
Re: Hijack this Help.
see, on win 98 now you coulda put something in the autoexec.bat to erase them and then rebooted to remove it
dunno / doubt if you can on winxp
|
|
|
4 Sep 2004, 13:28
|
#6
|
Born Sinful
Join Date: Nov 2000
Location: Loughborough, UK
Posts: 4,059
|
Re: Hijack this Help.
You can get to my favourite place instead on WinXP, the Recovery Console: it boots the system without loading the GUI section of Windows, or any drivers, processes or services beyond what is necessary to give you a good old-fashioned 80x25 dos-a-like screen in text mode.
As to killing those processes, if they restart each other you can try making a batch file and using taskkill.
eg:
taskkill /im WebRebates1.exe
taskkill /im WebRebates0.exe
By doing the commands in the batch file they should be executed in sequence one directly after the other, BEFORE one process has the chance to restart the other.
__________________
Worth dying for. Worth killing for. Worth going to hell for. Amen.
|
|
|
5 Sep 2004, 01:39
|
#7
|
Friendly geek of GD :-/
Join Date: Nov 2000
Location: On my metal roid
Posts: 923
|
Re: Hijack this Help.
K, quick question (want a shorter answer than looking in MSDN pls): How to get to the recovery console?
BTW, very nice that taskkill command!!!
__________________
[ »] Entropy increases! :-/
|
|
|
5 Sep 2004, 01:50
|
#8
|
Insomniac
Join Date: May 2003
Posts: 3,583
|
Re: Hijack this Help.
reboot from the XP CD, it's one of the options
there's a key you hold down too from hd but i cannot for the life of me remember it
|
|
|
5 Sep 2004, 17:53
|
#9
|
Born Sinful
Join Date: Nov 2000
Location: Loughborough, UK
Posts: 4,059
|
Re: Hijack this Help.
If you want it permanently available you have to install it.
Put your XP CD in the drive, then (assuming your CD drive is D):
D:\i386\winnt32.exe /cmdcons
When you reboot the computer it displays a menu asking if it should start XP, or drop you to the console.
__________________
Worth dying for. Worth killing for. Worth going to hell for. Amen.
|
|
|
|
All times are GMT +1.