Web_Rebates HELP! 9 replies

Please wait...

Shrapnel`

I'm too cool to Post

50 XP

1st November 2004

0 Uploads

16 Posts

0 Threads

#1 13 years ago

Hi, I've tried deleting my webrabates folder (spyware program), and it won't delete, and an error saying something will pop up. I've looked around on google for answers to get rid of Web_Rebates, and they said to download hijack this. Now I've scanned with hijack this, and here is my log: Logfile of HijackThis v1.98.2

Scan saved at 6:53:01 PM, on 11/19/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Norton Personal Firewall\NISUM.EXE

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Norton Personal Firewall\ccPxySvc.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\RUNDLL32.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\temp\salm.exe

C:\Program Files\Windows AdControl\WinAdCtl.exe

C:\Program Files\Windows AdControl\WinAdAlt.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\cwp\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [salm] c:\temp\salm.exe

O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe

O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=81ee3383b0ea8e7907d8ff8120d152c9108497b101ba07f7894d89ff4bfca85e797dee1383da27e158837a4fd5d9e9604a81e4edb7c2:1494e4a51933efb79fe3bba631960d34

O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab

O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

Now if none of you know which files I should delete in my log, and how I do it, can you guys tell me a site I can go to, to tell me which files in the log I need to delete, and how I do it. Thanks for your help




Pethegreat VIP Member

Lord of the Peach

70 XP

19th April 2004

0 Uploads

20,892 Posts

0 Threads

#2 13 years ago

Ah don't you love spyware? Have you tried using Spybot Seach and destroy or adware se? Those should kill it. If not do a reformat if you legally have the windows disks;).




Shrapnel`

I'm too cool to Post

50 XP

1st November 2004

0 Uploads

16 Posts

0 Threads

#3 13 years ago

can you give me the links to them, I've already got Webroot Spy Sweeper though, would that kill it?




Ensign Riles VIP Member

No! I'm Spamacus!

426,515 XP

17th June 2003

0 Uploads

39,479 Posts

1 Threads

#4 13 years ago

Ad-Aware Spybot S&D They are two of the best programs out there that you can get for free. Best used in conjuction with each other.




Operative34997

error 414- user not found

50 XP

3rd June 2004

0 Uploads

794 Posts

0 Threads

#5 13 years ago

Might I suggest Mcafee's new 2005 Anti-Spyware program? It's a lot more comprehensive and sturdy and it only costs $30 US.




Grimme

I like you

50 XP

3rd July 2004

0 Uploads

3,715 Posts

0 Threads

#6 13 years ago

I had that problem, I think I managed to remove it via add or remove programs.




Shrapnel`

I'm too cool to Post

50 XP

1st November 2004

0 Uploads

16 Posts

0 Threads

#7 13 years ago

Nah it won't allow me to remove it from Program Folders, OR add or remove programs. I'm gonna d/l them and see if they can get rid of it. I'm sure I wouldn't have to use Mcafee Antivirus 2005, cuz I've got Nortons Anti-virus 2005, and I'm sure that's better. Thanks for your help.




Operative34997

error 414- user not found

50 XP

3rd June 2004

0 Uploads

794 Posts

0 Threads

#8 13 years ago

Not McAfee Anti-virus, McAfee Anti-Spyware. Two separate programs. And the McAfee anti-Spyware is more comprehensive than the Anti-SW that Norton currently has. In my job I help maintain a highspeed network that is always on the internet. Some workstations have Norton, some have McAfee. Through testing I have confirmed that McAfee's 2005 Anti-Spyware will offer better Adware/Spyware protection. However, if you are using Norton already, I don't recommend using the McAfee in conjuction, because the two programs will "compete" for supremacy in your system. It's best to use either one or the other. If you have all of your Symantec updated, and you still cannot remove the adware either with Norton or manually, then as a last resort, you can try to use the Add/Remove Programs utility in Windows Safe-Mode. To get to safe mode, press the F8 key just as the BIOS is finishing the POST process, then select Safe Mode. If that doesn't work, then reformatting will probably be the easiest and quickest way to get rid of it.




ra3don

I'm too cool to Post

50 XP

20th November 2004

0 Uploads

10 Posts

0 Threads

#9 13 years ago

I have had the same problem. I deleted it and as soon as i did it would show back up. I got rid of it with pestpatrol very good software




ra3don

I'm too cool to Post

50 XP

20th November 2004

0 Uploads

10 Posts

0 Threads

#10 13 years ago

Shrapnel`Hi, I've tried deleting my webrabates folder (spyware program), and it won't delete, and an error saying something will pop up. I've looked around on google for answers to get rid of Web_Rebates, and they said to download hijack this. Now I've scanned with hijack this, and here is my log: Logfile of HijackThis v1.98.2

Scan saved at 6:53:01 PM, on 11/19/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Norton Personal Firewall\NISUM.EXE

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Norton Personal Firewall\ccPxySvc.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\RUNDLL32.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\temp\salm.exe

C:\Program Files\Windows AdControl\WinAdCtl.exe

C:\Program Files\Windows AdControl\WinAdAlt.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\cwp\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [salm] c:\temp\salm.exe

O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe

O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=81ee3383b0ea8e7907d8ff8120d152c9108497b101ba07f7894d89ff4bfca85e797dee1383da27e158837a4fd5d9e9604a81e4edb7c2:1494e4a51933efb79fe3bba631960d34

O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab

O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

Now if none of you know which files I should delete in my log, and how I do it, can you guys tell me a site I can go to, to tell me which files in the log I need to delete, and how I do it. Thanks for your help

You seem to know your stuff about windows lol :)