Websiteviewer

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Mr.No1

Thread Starter
Joined
Sep 3, 2004
Messages
7
Some pls. I am running Win XP and I've got Websiteviewer and I am not able to get rid of this stuff ...

My Hijack This log is :

Logfile of HijackThis v1.97.7
Scan saved at 15:03:37, on 2004-09-03
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Ägaren\Skrivbord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sw5.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sw5.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sw5.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.tiscali.se/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Tiscali SE fts] "C:\Program\Tiscali SE\Tiscali ADSL Bredband\fts.exe"
O4 - HKLM\..\Run: [WSSAConfiguration] wmmon32.exe
O4 - HKLM\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\Run: [Microsoft DirectX] PDSched.exe
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] winxp64.exe
O4 - HKLM\..\Run: [win updates] wugrds.exe
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\dmxtcyr.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [Windows Compliant] zzvqme.exe
O4 - HKLM\..\Run: [Media Player] wmplayer.exe
O4 - HKLM\..\Run: [XML Service] msxml32.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] winupdate.exe
O4 - HKLM\..\Run: [System Uptime Server] sysentry32.exe
O4 - HKLM\..\Run: [Microsoft--Updates] sxvhost.exe
O4 - HKLM\..\Run: [Windows Media Player] muqoki.exe
O4 - HKLM\..\Run: [Generic Host Service] lshost.exe
O4 - HKLM\..\RunServices: [WSSAConfiguration] wmmon32.exe
O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\RunServices: [Microsoft DirectX] PDSched.exe
O4 - HKLM\..\RunServices: [starter] scvhosting.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] winxp64.exe
O4 - HKLM\..\RunServices: [win updates] wugrds.exe
O4 - HKLM\..\RunServices: [Windows Compliant] zzvqme.exe
O4 - HKLM\..\RunServices: [Media Player] wmplayer.exe
O4 - HKLM\..\RunServices: [XML Service] msxml32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] winupdate.exe
O4 - HKLM\..\RunServices: [System Uptime Server] sysentry32.exe
O4 - HKLM\..\RunServices: [Microsoft--Updates] sxvhost.exe
O4 - HKLM\..\RunServices: [Windows Media Player] muqoki.exe
O4 - HKLM\..\RunServices: [Generic Host Service] lshost.exe
O4 - HKCU\..\Run: [starter] scvhosting.exe
O4 - HKCU\..\Run: [Microsoft DirectX] PDSched.exe
O4 - HKCU\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKCU\..\Run: [win updates] wugrds.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] winxp64.exe
O4 - HKCU\..\Run: [Windows Compliant] zzvqme.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Windows Update] winupdate.exe
O4 - HKCU\..\RunServices: [Microsoft Update Machine] winxp64.exe
O4 - HKLM\..\RunOnce: [starter] scvhosting.exe
O4 - HKCU\..\RunOnce: [starter] scvhosting.exe
O4 - Global Startup: Tiscali ADSL Bredband.lnk = C:\Program\Tiscali SE\Tiscali ADSL Bredband\connect.exe
O9 - Extra button: Informationshanteraren (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094140172794
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


help needed :rolleyes:
 

Mr.No1

Thread Starter
Joined
Sep 3, 2004
Messages
7
Got this right now ..

Logfile of HijackThis v1.98.2
Scan saved at 14:11:20, on 2004-09-05
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Documents and Settings\Ägaren\Skrivbord\hijackthis\HijackThis.exe
C:\Program\Tiscali SE\Tiscali ADSL Bredband\connect.exe
C:\Program\Tiscali SE\Tiscali ADSL Bredband\fts.exe
C:\Program\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sw5.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sw5.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sw5.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Tiscali SE fts] "C:\Program\Tiscali SE\Tiscali ADSL Bredband\fts.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - Global Startup: Tiscali ADSL Bredband.lnk = C:\Program\Tiscali SE\Tiscali ADSL Bredband\connect.exe
O9 - Extra button: Informationshanteraren - {9455301C-CF6B-11D3-A266-00C04F689C50} - c:\Program\Delade filer\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C5529B4-F3AC-45FC-984D-E2AB61A56230}: NameServer = 195.67.199.24 195.67.199.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{8C5529B4-F3AC-45FC-984D-E2AB61A56230}: NameServer = 195.67.199.24 195.67.199.25
 

Mr.No1

Thread Starter
Joined
Sep 3, 2004
Messages
7
Nope, I have not been able to run online virus scans or download all the Updates 'cause of this "thing" it slows down my puter 100% CPU Usage and is redirecting me when I am going in to MY sites but it redirects me to porno gambling sites etc. perky nipz etc etc etc .. It's also placing .exe files like loveme, sexy etc. in my windows and program folder . :mad:
 

Mr.No1

Thread Starter
Joined
Sep 3, 2004
Messages
7
It's still here, I am able to remove TIBS with ad-aware but it's back when the puter is rebooted again ...

some1 pls. help :rolleyes:
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Run HJT again, click on Config, Misc Tools, put checks in the boxes under Generate StartupList log and paste that log back here.
 

Mr.No1

Thread Starter
Joined
Sep 3, 2004
Messages
7
Logfile of HijackThis v1.98.2
Scan saved at 19:26:59, on 2004-09-06
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Ägaren\Skrivbord\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sw5.hpwis.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sw5.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sw5.hpwis.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tiscali.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Tiscali SE fts] "C:\Program\Tiscali SE\Tiscali ADSL Bredband\fts.exe"
O4 - HKLM\..\Run: [Microsoft Updater] updater.exe
O4 - HKLM\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\Run: [Zone Alarm] vsmon.exe
O4 - HKLM\..\Run: [Microsoft DirectX] PDSched.exe
O4 - HKLM\..\Run: [Microsoft Update Time] wuam.exe
O4 - HKLM\..\Run: [WindowsRegKey update] winupdate.exe
O4 - HKLM\..\Run: [Windows Media Player] uefgof.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] syscfg32.exe
O4 - HKLM\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\Run: [System32 Spool ] winint.exe
O4 - HKLM\..\RunServices: [Microsoft Updater] updater.exe
O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\RunServices: [Zone Alarm] vsmon.exe
O4 - HKLM\..\RunServices: [Microsoft DirectX] PDSched.exe
O4 - HKLM\..\RunServices: [Microsoft Update Time] wuam.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] winupdate.exe
O4 - HKLM\..\RunServices: [Windows Media Player] uefgof.exe
O4 - HKLM\..\RunServices: [XML Service] msxml32.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] syscfg32.exe
O4 - HKLM\..\RunServices: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunServices: [System32 Spool ] winint.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] syscfg32.exe
O4 - HKLM\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunOnce: [System32 Spool ] winint.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft DirectX] PDSched.exe
O4 - HKCU\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKCU\..\Run: [Microsoft Update Time] wuam.exe
O4 - HKCU\..\Run: [Zone Alarm] vsmon.exe
O4 - HKCU\..\Run: [Microsoft Updater] updater.exe
O4 - HKCU\..\Run: [Windows Media Player] uefgof.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [Win32 USB2 Driver] syscfg32.exe
O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\Run: [System32 Spool ] winint.exe
O4 - HKCU\..\Run: [WindowsRegKey update] winupdate.exe
O4 - HKCU\..\RunServices: [Windows Media Player] uefgof.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] syscfg32.exe
O4 - HKCU\..\RunOnce: [System32 Spool ] winint.exe
O4 - HKCU\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - Global Startup: Tiscali ADSL Bredband.lnk = C:\Program\Tiscali SE\Tiscali ADSL Bredband\connect.exe
O9 - Extra button: Informationshanteraren - {9455301C-CF6B-11D3-A266-00C04F689C50} - c:\Program\Delade filer\Microsoft Shared\Reference 2001\EROProj.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094386575214
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{8C5529B4-F3AC-45FC-984D-E2AB61A56230}: NameServer = 195.67.199.24 195.67.199.25
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Bring up Task Manager by pressing CTRL+ALT+Delete.

End task on these:
updater.exe
ati2vid.exe
PDSched.exe
wuam.exe
winupdate.exe
uefgof.exe
syscfg32.exe
videosd32.exe
winint.exe
updater.exe
msxml32.exe

Now see if you can run one of the online virus scans.
 

Mr.No1

Thread Starter
Joined
Sep 3, 2004
Messages
7
I appreciate your help and I am sure that it will work but 1 really HUGE problem is that I am not able to bring up the task manager :-( when I have got mouse.over the icon down right or mouse.on the window it just shuts itself off ..
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Run HJT again and put a check in the following:

O4 - HKLM\..\Run: [Microsoft Updater] updater.exe
O4 - HKLM\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\Run: [Microsoft DirectX] PDSched.exe
O4 - HKLM\..\Run: [Microsoft Update Time] wuam.exe
O4 - HKLM\..\Run: [WindowsRegKey update] winupdate.exe
O4 - HKLM\..\Run: [Windows Media Player] uefgof.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] syscfg32.exe
O4 - HKLM\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\Run: [System32 Spool ] winint.exe
O4 - HKLM\..\RunServices: [Microsoft Updater] updater.exe
O4 - HKLM\..\RunServices: [Microsoft DirectX] PDSched.exe
O4 - HKLM\..\RunServices: [Microsoft Update Time] wuam.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] winupdate.exe
O4 - HKLM\..\RunServices: [Windows Media Player] uefgof.exe
O4 - HKLM\..\RunServices: [XML Service] msxml32.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] syscfg32.exe
O4 - HKLM\..\RunServices: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunServices: [System32 Spool ] winint.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] syscfg32.exe
O4 - HKLM\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunOnce: [System32 Spool ] winint.exe
O4 - HKCU\..\Run: [Microsoft DirectX] PDSched.exe
O4 - HKCU\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKCU\..\Run: [Microsoft Update Time] wuam.exe
O4 - HKCU\..\Run: [Microsoft Updater] updater.exe
O4 - HKCU\..\Run: [Windows Media Player] uefgof.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] syscfg32.exe
O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\Run: [System32 Spool ] winint.exe
O4 - HKCU\..\Run: [WindowsRegKey update] winupdate.exe
O4 - HKCU\..\RunServices: [Windows Media Player] uefgof.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] syscfg32.exe
O4 - HKCU\..\RunOnce: [System32 Spool ] winint.exe
O4 - HKCU\..\RunOnce: [Win32 Configuration] videosd32.exe


Close all applications and browser windows before you click "fix checked".


Restart in Safe Mode

Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files".
Now click "Apply to all folders", Click "Apply" then "OK"

Delete these files: You will find them in the c:\windows or c:\windows\system32 folders.

updater.exe
ati2vid.exe
PDSched.exe
wuam.exe
winupdate.exe
uefgof.exe
syscfg32.exe
videosd32.exe
winint.exe
updater.exe
msxml32.exe

Reboot.

Now see if you can run the virus scans. It is also very important that you get the critical patches from the Windows Update site.
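A triage sketch for the O4 entries in logs like the ones above, added here as an example; it is not part of the thread or of HijackThis. It flags programs registered by bare filename (no directory) under two or more autorun keys, a pattern visible in the posted logs. The heuristic, the `min_keys` threshold and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied from the third HijackThis log in this thread (a subset).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Media Player] uefgof.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] syscfg32.exe
O4 - HKLM\..\RunServices: [Windows Media Player] uefgof.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] syscfg32.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] syscfg32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Media Player] uefgof.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] syscfg32.exe
O4 - HKCU\..\RunServices: [Windows Media Player] uefgof.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] syscfg32.exe
O4 - Global Startup: Tiscali ADSL Bredband.lnk = C:\Program\Tiscali SE\Tiscali ADSL Bredband\connect.exe
"""

# Registry autoruns look like: O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")
PROGRAM_RE = re.compile(r"(.+?\.(?:exe|com|bat|scr|pif))(?:\s|$)", re.IGNORECASE)


def image_of(command):
    """Return the program part of an autorun command line, arguments stripped."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = PROGRAM_RE.match(command)
    return match.group(1) if match else command.split()[0]


def triage_autoruns(log_text, min_keys=2):
    """Map each bare-filename program to the autorun keys that launch it."""
    keys_by_image = defaultdict(set)
    for line in log_text.splitlines():
        match = O4_RE.match(line.strip())
        if not match:
            continue  # not a registry autorun line (e.g. "Global Startup")
        hive, key, _value_name, command = match.groups()
        image = image_of(command)
        if "\\" in image or "/" in image:
            continue  # path-qualified entries are outside this heuristic
        keys_by_image[image.lower()].add(f"{hive}\\{key}")
    return {image: sorted(keys)
            for image, keys in keys_by_image.items() if len(keys) >= min_keys}


if __name__ == "__main__":
    for image, keys in sorted(triage_autoruns(SAMPLE_LOG).items()):
        print(f"{image}: {len(keys)} autorun keys -> {', '.join(keys)}")
```

A hit is a prompt to inspect the file, not a verdict: legitimate software also registers bare names (the log's `nwiz.exe` is one), and an entry present under a single key is missed at the default threshold.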
 