Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

winfixer2005 and lots of other windows popping up [RESOLVED]

Started by AZwriter , Aug 30 2005 09:11 PM

This topic is locked

#1
AZwriter

Posted 30 August 2005 - 09:11 PM

New Member

Member
4 posts

Hi. I'm probably posting to the wrong place. Having trouble finding my way around. It's a miracle I found your site at all.

I've gone through all the things on the "start here" page that would run on Win98. I'm getting tons of WinFixer2005 messages and out of the blue other sites will pop up. Following is my Hijack this log.

Logfile of HijackThis v1.99.1
Scan saved at 7:59:33 PM, on 8/30/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\MIXER.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPWARESE2.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MEDIA GATEWAY\MEDIAGATEWAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\180SEARCHASSISTANT\SALM.EXE
C:\WINDOWS\SYSTEM\ATCQGV8T.EXE
C:\PROGRAM FILES\PPMP\PNMMWJS.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\WINFIXER 2005\WFX5.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\PROSITEFINDER\PROSITEFINDER.EXE
C:\PROGRAM FILES\PROSITEFINDER\PROSITEFINDER.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM303.DLL
O2 - BHO: (no name) - {554684C0-18D0-11DA-979D-0050FC8F20EA} - C:\PROGRAM FILES\PROSITEFINDER\PROSITEFINDER.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - C:\PROGRAM FILES\180SEARCHASSISTANT\SALMHOOK.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE2 Reminder] "C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\EREGENG\EREG.EXE" -r "C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\EREGENG\ereg.ini"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Media Gateway] C:\PROGRAM FILES\MEDIA GATEWAY\MEDIAGATEWAY.EXE
O4 - HKLM\..\Run: [salm] c:\program files\180searchassistant\salm.exe
O4 - HKLM\..\Run: [jmj] C:\WINDOWS\jmj.exe
O4 - HKLM\..\Run: [atcqgv8t] C:\WINDOWS\SYSTEM\atcqgv8t.exe
O4 - HKLM\..\Run: [PROSITEFINDER] C:\PROGRAM FILES\PROSITEFINDER\PROSITEFINDER.EXE
O4 - HKLM\..\Run: [Jsugs] C:\PROGRAM FILES\PPMP\PNMMWJS.EXE
O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~1.EXE -r
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\WINDOWS\TEMP\djtopr1150.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [WinFixer 2005] "C:\PROGRAM FILES\WINFIXER 2005\WFX5.EXE" /min
O4 - HKCU\..\RunServices: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\RunServices: [WinFixer 2005] "C:\PROGRAM FILES\WINFIXER 2005\WFX5.EXE" /min
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webi...Q/bin/WebIQ.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...Bridge-c139.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180search...com/180saax.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...rCabInstall.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab

#2
tampabelle

Posted 31 August 2005 - 09:23 AM

Member 5k

Retired Staff
6,363 posts

Please print out these instructions or copy them into a text file on your Desktop for easy access.

During the fix, u will be asked to fix some entries, delete some files or uninstall some programs. If in case, you do not see those entries / files / programs, please make a note of it. Continue with the fix and in your next post please inform me of all deviations from the fix prescribed.

1. Download Programs

Please download these programs and save them in a new folder on your desktop -

CleanUp

2. Run Hijack This

Run Hijack This and click on scan. The following items need to be fixed -

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM303.DLL
O2 - BHO: (no name) - {554684C0-18D0-11DA-979D-0050FC8F20EA} - C:\PROGRAM FILES\PROSITEFINDER\PROSITEFINDER.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - C:\PROGRAM FILES\180SEARCHASSISTANT\SALMHOOK.DLL
O4 - HKLM\..\Run: [Media Gateway] C:\PROGRAM FILES\MEDIA GATEWAY\MEDIAGATEWAY.EXE
O4 - HKLM\..\Run: [salm] c:\program files\180searchassistant\salm.exe
O4 - HKLM\..\Run: [jmj] C:\WINDOWS\jmj.exe
O4 - HKLM\..\Run: [atcqgv8t] C:\WINDOWS\SYSTEM\atcqgv8t.exe
O4 - HKLM\..\Run: [PROSITEFINDER] C:\PROGRAM FILES\PROSITEFINDER\PROSITEFINDER.EXE
O4 - HKLM\..\Run: [Jsugs] C:\PROGRAM FILES\PPMP\PNMMWJS.EXE
O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe
O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\WINDOWS\TEMP\djtopr1150.exe"
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...Bridge-c139.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180search...com/180saax.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...rCabInstall.cab

Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

Restart the PC in Safe Mode (repeatedly tap the F8 key when the PC is starting up).

3. Delete Rogue files

Run CleanUp and delete all temp files including temporary internet files

Open Add or Remove Programs (click on Start ---> Settings ---> Control panel). Uninstall or remove the following items -

180 Search Assistant
180 Solutions
Bargain Buddy
Media Gateway

Open Windows Explorer (right click on Start and then click on explore). Locate and delete the following folders and files -

Folders
C:\PROGRAM FILES\180SEARCHASSISTANT
C:\PROGRAM FILES\MEDIA GATEWAY
C:\PROGRAM FILES\PROSITEFINDER
C:\PROGRAM FILES\PPMP
C:\Program Files\Web_Rebates

Files
C:\WINDOWS\jmj.exe
C:\WINDOWS\SYSTEM\atcqgv8t.exe
C:\WINDOWS\TEMP\djtopr1150.exe
C:\WINDOWS\web\related.htm

Reboot the PC in Normal Mode.

Please visit Panda and do an online scan. Save the scan report.

Run Hijack This and post a fresh HJT log along with Panda scan report.

#3
AZwriter

Posted 31 August 2005 - 10:57 PM

New Member

Topic Starter
Member
4 posts

hi tampabelle,
thanks so much for the help! i did not see the following two items:
04 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\WINDOWS\TEMP\djtopr1150.exe"
C:\WINDOWS\TEMP\djtopr1150.exe

here are the requested logs:

Logfile of HijackThis v1.99.1
Scan saved at 9:47:00 PM, on 8/31/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\MIXER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPWARESE2.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\HIJACK THIS\HIJACKTHIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {D8205B40-1A61-11DA-979D-0050FC8F20EA} - C:\PROGRAM FILES\PROSITEFINDER\PROSITEFINDER.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE2 Reminder] "C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\EREGENG\EREG.EXE" -r "C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\EREGENG\ereg.ini"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\Run: [vuvud] C:\WINDOWS\vuvud.exe
O4 - HKLM\..\Run: [PROSITEFINDER] \Progra~1\PROSITEFINDER\prositefinder.exe
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~1.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webi...Q/bin/WebIQ.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab

----------------------------------------------------------------------------

Panda report:

Incident Status Location
Adware:adware/wupd No disinfected C:\WINDOWS\SYSTEM\ide21201.vxd
Adware:adware/ncase No disinfected C:\TEMP\180SAInstaller.exe
Adware:adware/gator No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\HDPlugin1019.dll
Adware:adware/topsearch No disinfected C:\PROGRAM FILES\KAZAA LITE\TopSearch.dll
Adware:adware/oemji No disinfected C:\PROGRAM FILES\COMMON FILES\Oem Common
Adware:adware/sahagent No disinfected C:\WINDOWS\SYSTEM\SahImages
Adware:adware/cws No disinfected C:\WINDOWS\FAVORITES\Health
Spyware:spyware/dyfuca No disinfected Windows Registry
Dialer:dialer.akd No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\SGRUNT.BIZ
Dialer:dialer.bjp No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\ARCHIVIOSEX.NET
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM\mssivqm5.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM\5e929eu1.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM\ATCQGV~1.TCF
Adware:Adware/nCase No disinfected C:\WINDOWS\Desktop\Hijack This\backups\backup-20050831-210834-682.dll
Adware:Adware/MediaTickets No disinfected C:\WINDOWS\Desktop\Hijack This\backups\backup-20050831-210834-802.dll
Adware:Adware/nCase No disinfected C:\WINDOWS\Desktop\Hijack This\backups\backup-20050831-210834-357.inf
Adware:Adware/nCase No disinfected C:\WINDOWS\Desktop\Hijack This\backups\backup-20050831-210834-357.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\HDPlugin1019.dll
Adware:Adware/nCase No disinfected C:\WINDOWS\VUVUD.EXE.tcf
Spyware:Spyware/Dyfuca No disinfected C:\WINDOWS\NEM220~1.TCF
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\cvu6jgs4.exe
Spyware:Spyware/Dyfuca No disinfected C:\WINDOWS\WSEM30~1.TCF
Adware:Adware/nCase No disinfected C:\RECYCLED\DC0\salm.exe
Adware:Adware/nCase No disinfected C:\RECYCLED\DC0\salmhook.dll
Adware:Adware/MediaTickets No disinfected C:\RECYCLED\DC1\MediaGateway.exe
Spyware:Spyware/ClearSearch No disinfected C:\RECYCLED\DC2\dugx2f4b.DLL
Spyware:Spyware/ClearSearch No disinfected C:\RECYCLED\DC2\79d71v0q.DLL
Spyware:Spyware/ClearSearch No disinfected C:\RECYCLED\DC2\ammejyhe.DLL
Spyware:Spyware/ClearSearch No disinfected C:\RECYCLED\DC2\PROSIT~1.TCF
Spyware:Spyware/ClearSearch No disinfected C:\RECYCLED\DC2\PROSITEFINDER1\prositefinder1.dll
Spyware:Spyware/ClearSearch No disinfected C:\RECYCLED\DC2\PROSITEFINDER1\prositefinder1.exe
Spyware:Spyware/ClearSearch No disinfected C:\RECYCLED\DC2\PROSITEFINDER1\prositefinder1.dll.tcf
Spyware:Spyware/ClearSearch No disinfected C:\RECYCLED\DC2\PROSITEFINDER.dll
Spyware:Spyware/Dyfuca No disinfected C:\RECYCLED\DC3\PNMMWJ~1.TCF
Adware:Adware/TopRebates No disinfected C:\RECYCLED\DC4\WebRebates0.exe
Adware:Adware/TopRebates No disinfected C:\RECYCLED\DC4\disp1150.exe
Adware:Adware/TopRebates No disinfected C:\RECYCLED\DC4\WebRebates1.exe.tcf
Spyware:Spyware/Dyfuca No disinfected C:\RECYCLED\DC5\update\actalert.exe.tcf
Adware:Adware/nCase No disinfected C:\RECYCLED\DC6.TCF
Spyware:Spyware/Cydoor No disinfected C:\Program Files\KaZaA Lite\cd_clint.dll
Adware:Adware/BrilliantDigitalNo disinfected C:\Program Files\KaZaA Lite\bdcore.dll
Spyware:Spyware/Cydoor No disinfected C:\Program Files\Spybot - Search & Destroy\Dummies\dummy.cd_clint.dll
Possible Virus. No disinfected C:\Program Files\TrojanHunter 4.2\Tools\Process Viewer\ProcessViewer.exe
Adware:Adware/nCase No disinfected C:\temp\180SAInstaller.exe
Adware:Adware/WinTools No disinfected C:\temp\ZCWEDowST3.exe
Spyware:Spyware/Dyfuca No disinfected C:\temp\optimize.exe

#4
tampabelle

Posted 01 September 2005 - 10:34 AM

Member 5k

Retired Staff
6,363 posts

Run Hijack This and click on scan. The following items need to be fixed -

O2 - BHO: (no name) - {D8205B40-1A61-11DA-979D-0050FC8F20EA} - C:\PROGRAM FILES\PROSITEFINDER\PROSITEFINDER.dll (file missing)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [vuvud] C:\WINDOWS\vuvud.exe
O4 - HKLM\..\Run: [PROSITEFINDER] \Progra~1\PROSITEFINDER\prositefinder.exe

Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

Restart the PC in Safe Mode (repeatedly tap the F8 key when the PC is starting up).

Open Add or Remove Programs (click on Start ---> Settings ---> Control panel. This should be the 3rd item). Uninstall or remove the following items -

KazaaLite
ProSite Finder

Open Windows Explorer (right click on Start and then click on explore). Locate and delete the following folders and files -

Folders
C:\PROGRAM FILES\COMMON FILES\Oem Common
C:\WINDOWS\SYSTEM\SahImages
C:\Program Files\KaZaA Lite
C:\WINDOWS\FAVORITES\Health
C:\PROGRAM FILES\PROSITEFINDER

Files
C:\WINDOWS\DOWNLOADED PROGRAM FILES\HDPlugin1019.dll
C:\WINDOWS\SYSTEM\ide21201.vxd
C:\WINDOWS\SYSTEM\mssivqm5.exe
C:\WINDOWS\SYSTEM\5e929eu1.dll
C:\WINDOWS\SYSTEM\ATCQGV~1.TCF
C:\WINDOWS\VUVUD.EXE.tcf
C:\WINDOWS\vuvud.exe
C:\WINDOWS\scanregw.exe
C:\WINDOWS\NEM220~1.TCF
C:\WINDOWS\cvu6jgs4.exe
C:\WINDOWS\WSEM30~1.TCF
C:\TEMP\180SAInstaller.exe
C:\temp\ZCWEDowST3.exe
C:\temp\optimize.exe

(Search for this file using the Windows Search function)

Run CleanUp and delete all temp files including temporary internet files

Reboot the PC in Normal Mode and post a fresh HJT log

#5
AZwriter

Posted 01 September 2005 - 09:03 PM

New Member

Topic Starter
Member
4 posts

hi tampabelle,
here is my log. i haven't seen winfixer 2005 popup in awhile now--since that last clean up. the following files were not found:

C:\PROGRAM FILES\PROSITEFINDER
C:\WINDOWS\DOWNLOADED PROGRAM FILES\HDPlugin1019.dll
C:\WINDOWS\VUVUD.EXEtcf

Logfile of HijackThis v1.99.1
Scan saved at 7:44:33 PM, on 9/1/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\MIXER.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPWARESE2.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\HIJACK THIS\HIJACKTHIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE2 Reminder] "C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\EREGENG\EREG.EXE" -r "C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\EREGENG\ereg.ini"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~1.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webi...Q/bin/WebIQ.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab

#6
tampabelle

Posted 02 September 2005 - 08:26 AM

Member 5k

Retired Staff
6,363 posts

Thats great news !! Your log also looks fine.

If you have no issues with your PC then we can fine tune your PC for optimal performance

#7
tampabelle

Posted 23 September 2005 - 08:56 AM

Member 5k

Retired Staff
6,363 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.