Jump to content


Photo

I will wait an be patient...


  • Please log in to reply
6 replies to this topic

#1 ivegotsand

ivegotsand

    Bubbles

  • Full Member
  • Pip
  • 12 posts

Posted 03 July 2004 - 11:38 PM

Also have really strange words that appear to think they are programs in the ctrl/alt/delete screen.

Winpppoverethernet
180search assistant
webrebates

Edited by ivegotsand, 03 July 2004 - 11:48 PM.


#2 ivegotsand

ivegotsand

    Bubbles

  • Full Member
  • Pip
  • 12 posts

Posted 04 July 2004 - 01:58 AM

I have a little bit of an issue w/ad-aware download (which I read we should download first.) I have windows 95 and neither download (perhaps not the software) support.

Any suggestions? Another software program (freeware) that will work as well.

Also, does the web download that you list second (can't remember the name offhand) work with 95? If not, may I have a suggestion for it as well.

Thanks

#3 thyme

thyme

    Full Member

  • Full Member
  • Pip
  • 93 posts

Posted 04 July 2004 - 03:32 AM

Hi

Here is some info on each of the words you have listed, and they are all programmes, either you or someone else downloaded onto your computer.

webrebates

This is a spyware scanner programme. Below is the link for you to read up on what this is.

http://www.scanspywa.../WebRebates.htm


180search Assistant

180search Assistant is a permission-based search assistant application that provides you access to a wide range of websites, applications and information. 180search Assistant is a small application that is downloaded to your computer and runs in the background looking to show websites with information, offers and products that match keywords that you are looking for when either shopping or searching online


Here is the link for info so you check out the site

http://www.180search...om/privacy.html


Winpppoverethernet


Background task for WinPoET.  WinPoET is a program which provides support for PPPoE (Point-to-Point Protocol Over Ethernet).  For the layman PPPoE is a technology which enables your ISP to connect you to DSL/ADSL access in a manner that looks to you as if you are connecting via a standard modem, except that you are in fact connecting via a network card.  Recommendation :
If WINPPPOVERETHERNET is running on your PC, and it was provided by your current ISP, then you need it, period


taken from this link

http://www.answersth.../tasklist_w.htm


The question you ask about adaware is it a compatablity question as to wether this will run on your computer? I found this info on their site

What platforms is Ad-aware compatible with?
Ad-aware is compatible with Windows® 98, 2000, NT40, XP and ME

Spybot search and destroy
This programme is compatiable with following

Minimum requirements: Windows 95/98/Me/NT/2000/XP

#4 ivegotsand

ivegotsand

    Bubbles

  • Full Member
  • Pip
  • 12 posts

Posted 04 July 2004 - 10:54 AM

Thanks for the info.

Am I still waiting on someone to look over my hijacked log? Why is mine harder and different then everyone else's?

#5 thyme

thyme

    Full Member

  • Full Member
  • Pip
  • 93 posts

Posted 04 July 2004 - 12:27 PM

Hi

I assume you have posted a hi jack log in another topic?

All logs are different in various ways, but sometimes it is more a time aspect, and that people are looking for a full solution to help you with the right answers, before they post back a response. If you feel the post may have been overlooked you can type in a response with the word bump.

#6 ivegotsand

ivegotsand

    Bubbles

  • Full Member
  • Pip
  • 12 posts

Posted 04 July 2004 - 03:47 PM

I did post it to another, but the lady tied 3 threads together and I guess I assumed whomever pulled up this one she created would see it - or she would in any case.

A couple of key points regarding my problems are - I read the beginners instructions and know I need to ad ad-ware but my windows 95 doesn't support it.

Webrebates seems to be the big, problem word I see alot. I have finally deleted 180search install and it hasn't come back this time.

No pop ups come thru, my internet still picks and chooses when it will pull up a full screen and my email is a hassle. I have wierd .dat files and other things incorporated all thru many of my programs, files... It doesn't seem any good to delete them because they are obviously coming from a higher power.

Thanks Again
Logfile of HijackThis v1.98.0
Scan saved at 1:36:00 PM, on 7/4/04
Platform: Windows 95 a (Win9x 4.00.1212)
MSIE: Internet Explorer v5.00 SP1 (5.00.3105.0105)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE OFFICE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE OFFICE\MCAFEE VIRUSSCAN\WEBSCANX.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE OFFICE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\PLEXTOR2000\PLXTASK.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE OFFICE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HJT\HIJACKTHIS[1]\HIJACKTHIS.EXE
C:\WINDOWS\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink Inc.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL (file missing)
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL (file missing)
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\BIN\APUC.DLL (file missing)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM219.DLL
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM218.DLL
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\SYSTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [ConMgr.exe] "C:\PROGRAM FILES\EARTHLINK 5.0\CONMGR.EXE"
O4 - HKLM\..\Run: [UpdateMgr.exe] "C:\PROGRAM FILES\EARTHLINK 5.0\UPDATEMGR.EXE" /NOCM
O4 - HKLM\..\Run: [PLXSTART] C:\PROGRA~1\PLEXTO~1\PLXSTART.EXE
O4 - HKLM\..\Run: [PLXTASK] C:\PROGRA~1\PLEXTO~1\PLXTASK.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
O4 - HKLM\..\Run: [ifumsjljobtpg] C:\WINDOWS\SYSTEM\vbvtua.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [WebSavingsfromEbates] C:\Program Files\WebSavingsfromEbates\WebSavingsfromEbatesrun.exe /cp:p "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\McAfee\McAfee Office\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\MCAFEE\MCAFEE OFFICE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\McAfee\McAfee Office\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [NetCommando2000AutoLoad] C:\PROGRAM FILES\NET-COMMANDO 2000\NC2000
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\MCAFEE\MCAFEE OFFICE\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\MCAFEE\MCAFEE OFFICE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\MCAFEE\MCAFEE OFFICE\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O4 - HKLM\..\RunOnce: [UniSc] "C:\PROGRAM FILES\MCAFEE\MCAFEE OFFICE\UNINSTALLER\UNISC.EXE"
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .dcr: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NP32DSW.DLL
O12 - Plugin for .: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npaudio.dll
O12 - Plugin for .avi: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npavi32.dll
O12 - Plugin for .SWF: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O12 - Plugin for .wav: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npaudio.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .html: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O13 - WWW. Prefix: http://
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flings...TInc/bridge.cab

#7 thyme

thyme

    Full Member

  • Full Member
  • Pip
  • 93 posts

Posted 06 July 2004 - 01:38 PM

Hi ivegotsand

Please post for help in one topic at a time, if you start several threads it makes it difficult for us to know what help you have already received.


Please close all other open windows and browsers, then have hi-jack this fix the following:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink Inc.
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL (file missing)
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\BIN\APUC.DLL (file missing)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM219.DLL
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM218.DLL
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\SYSTB.DLL
O4 - HKLM\..\Run: [ifumsjljobtpg] C:\WINDOWS\SYSTEM\vbvtua.exe
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [WebSavingsfromEbates] C:\Program Files\WebSavingsfromEbates\WebSavingsfromEbatesrun.exe /cp:p "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flings...TInc/bridge.cab



Please look for the following file in your add/remove programmes

Twain-tec

click on to remove
if you cannot find the programme here do the following:
Open My Computer.
Select the View menu and click Options.
Select the View Tab.
Select the Show all files Radio Button.
Click OK.

Look for twaintec.dll

delete this file

Also please look for the following files and delete them if found

wupdt.exe
vbvtua.exe
A.EXE
WebSavingsfromEbatesrun.exe


When you have completed the above please reboot your computer and post a fresh log so that we can check your system is clean.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button