droldham
asked on
nasty webrebates0 and webrebates1 - how can i get rid of these suckers?
i have tried spybot search and destroy, hijack this, cw shredder, and adaware to get rid of this horrible program...it keeps coming back. below i have pasted my recent hijackthis log in hopes that something will jump out at you...i have checked and removed the webrebates.exe's from here several times but it doesn't seem to do any good...i think that this program may have been responsible for killing my IE which i finally disconnected and am now running Netscape 7.0. my operating system is windows 98. has anyone seen this program before and had success in hurling it back into the black void from which it came? it seems worse than gator (is that possible?)
Logfile of HijackThis v1.97.7
Scan saved at 7:21:45 AM, on 10/9/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32 .DLL
C:\WINDOWS\SYSTEM\MSGSRV32 .EXE
C:\WINDOWS\SYSTEM\MPREXE.E XE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\SYSTEM\mmtask.t sk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EX E
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIR ECTCD.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCM D.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EX E
C:\WINDOWS\SYSTEM\WINWWR32 .EXE
C:\PROGRAM FILES\WEB_REBATES\WEBREBAT ES0.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\PROGRAM FILES\SONIQUE\SQSTART.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NE TSCP.EXE
C:\PROGRAM FILES\SONY\VAIO ACTION SETUP\VASERV.EXE
C:\SMARTDSK\FLASH\FLSHSTAT .EXE
C:\PROGRAM FILES\MSAC-FD1\MSSTAT.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32. EXE
D:\PROGRAM FILES\QWDLLS.EXE
C:\WINDOWS\SYSTEM\ZONELABS \VSMON.EXE
C:\PROGRAM FILES\WEB_REBATES\WEBREBAT ES1.EXE
C:\WINDOWS\DESKTOP\DAD\DOW NLOADS\HIJ ACKTHIS.EX E
R0 - HKCU\Software\Microsoft\In ternet Explorer\Main,Start Page = http://seattletimes.nwsource.com/html/home/
N1 - Netscape 4: user_pref("browser.startup .homepage" , "www.yahoo.com"); (C:\Program Files\Netscape\Users\defau lt\prefs.j s)
N3 - Netscape 7: user_pref("browser.startup .homepage" , "http://seattletimes.nwsource.com/html/home/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\defa ult\es8fod v0.slt\pre fs.js)
N3 - Netscape 7: user_pref("browser.search. defaulteng ine", "engine://C%3A%5CPROGRAM%2 0FILES%5CN ETSCAPE%5C NETSCAPE%5 Csearchplu gins%5CSBW eb_01.src" ); (C:\WINDOWS\Application Data\Mozilla\Profiles\defa ult\es8fod v0.slt\pre fs.js)
O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-5 1D73BD81C3 A} - (no file)
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0 C15C5CA880 F} - (no file)
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.ex e
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECT CD\DIRECTC D.EXE
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgki ll.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.ex e"
O4 - HKLM\..\Run: [Sys29] C:\WINDOWS\SYSTEM\WINWWR32 .EXE
O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebat es0.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKCU\..\Run: [SoniqueQuickStart] C:\Program Files\Sonique\sqstart.exe -nostick
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Ne tscp.exe" -turbo
O4 - Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - Startup: Flashpath Status.lnk = C:\SMARTDSK\FLASH\FLSHSTAT .EXE
O4 - Startup: Memory Stick Monitor.lnk = C:\Program Files\MSAC-FD1\MSstat.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03 .EXE
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: Quicken Startup.lnk = D:\Program Files\QWDLLS.EXE
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\T p1150\scri 1150a.htm
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGI NS\npqtplu gin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4 4455354000 0} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-4 4455354000 0} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Logfile of HijackThis v1.97.7
Scan saved at 7:21:45 AM, on 10/9/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32
C:\WINDOWS\SYSTEM\MSGSRV32
C:\WINDOWS\SYSTEM\MPREXE.E
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\SYSTEM\mmtask.t
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EX
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIR
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCM
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EX
C:\WINDOWS\SYSTEM\WINWWR32
C:\PROGRAM FILES\WEB_REBATES\WEBREBAT
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\PROGRAM FILES\SONIQUE\SQSTART.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NE
C:\PROGRAM FILES\SONY\VAIO ACTION SETUP\VASERV.EXE
C:\SMARTDSK\FLASH\FLSHSTAT
C:\PROGRAM FILES\MSAC-FD1\MSSTAT.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.
D:\PROGRAM FILES\QWDLLS.EXE
C:\WINDOWS\SYSTEM\ZONELABS
C:\PROGRAM FILES\WEB_REBATES\WEBREBAT
C:\WINDOWS\DESKTOP\DAD\DOW
R0 - HKCU\Software\Microsoft\In
N1 - Netscape 4: user_pref("browser.startup
N3 - Netscape 7: user_pref("browser.startup
N3 - Netscape 7: user_pref("browser.search.
O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-5
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.ex
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECT
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgki
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.ex
O4 - HKLM\..\Run: [Sys29] C:\WINDOWS\SYSTEM\WINWWR32
O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebat
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKCU\..\Run: [SoniqueQuickStart] C:\Program Files\Sonique\sqstart.exe -nostick
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Ne
O4 - Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - Startup: Flashpath Status.lnk = C:\SMARTDSK\FLASH\FLSHSTAT
O4 - Startup: Memory Stick Monitor.lnk = C:\Program Files\MSAC-FD1\MSstat.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: Quicken Startup.lnk = D:\Program Files\QWDLLS.EXE
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\T
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGI
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O16 - DPF: {166B1BCA-3F9C-11CF-8075-4
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.