Results 1 to 3 of 3
  1. #1
    geoj102
    Guest

    Default WebRebates got me down

    I followed the steps suggested and Webrebates are still coming up in my processes. Also, I am receiving a message about some "bridge" file when I boot up. Can you help me. Here is my log from Hijack. I really appreciate any help.

    Logfile of HijackThis v1.98.0
    Scan saved at 12:58:47 PM, on 8/20/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\kub.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\John Jackson\Local Settings\Temporary Internet Files\Content.IE5\YBAFM1YJ\HijackThis1980[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://db105.com:81/cgi-bin/index.cgi?c=0
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://db105.com:81/cgi-bin/index.cgi?c=0
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://db105.com:81/cgi-bin/index.cgi?c=0
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://db105.com:81/cgi-bin/index.cgi?c=0
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://db105.com:81/cgi-bin/index.cgi?c=0
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://db105.com:81/cgi-bin/index.cgi?c=0
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://db105.com:81/cgi-bin/index.cgi?c=0
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://db105.com:81/cgi-bin/index.cgi?c=0
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://your-searcher.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://db105.com:81/cgi-bin/index.cgi?c=0
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://your-searcher.com/sp.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://db105.com:81/cgi-bin/index.cgi?c=0
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://db105.com:81/cgi-bin/index.cgi?c=0
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://db105.com:81/cgi-bin/index.cgi?c=0
    F0 - system.ini: Shell=
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
    O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - C:\WINDOWS\EliteBar\EliteBar version 40.dll
    O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA880F} - C:\WINDOWS\EliteBar\EliteBar version 40.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
    O4 - HKLM\..\Run: [Win32 Explorer] C:\WINDOWS\System32\explorer32.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Win32 Explorer] C:\WINDOWS\System32\explorer32.exe
    O4 - HKCU\..\Run: [Dhk] C:\WINDOWS\System32\kub.exe
    O4 - HKCU\..\Run: [dllhelp] c:\windows\dllhlp.exe
    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.db105.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.skoobidoo.com
    O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/...ad/tgctlcm.cab
    O16 - DPF: {01118D00-3E00-11D2-8470-0060089874ED} (SupportSoft Password Reset Class) - http://help.bellsouth.net/sdccommon/...ad/tgctlpw.cab
    O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht!http://www.awmdabest.com/bltd/126.chm::/file.exe
    O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://www.americanhoes.com/sexshows/sexshows.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1092961971574
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

    Thank you

  2. #2
    Member
    Join Date
    Jan 2003
    Posts
    12,000
    Points
    1191

    Default

    Please run what ever programs that you have not already run from here:

    http://www.help2go.com/postt8026.html

    Besure that you get SP1 for XP installed, NOT SP2 (that came out today)

    Post another log using the "Post reply" button at the bottom of this page.

    Cheers

  3. #3
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi

    Disconnect from the internet Close ALL browser windows (including this one) - run hijackthis and tick to fix (check the box next to) the list below.........when all are ticked (checked) click the Fix Checked button at the bottom. :-

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://db105.com:81/cgi-bin/index.cgi?c=0
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://db105.com:81/cgi-bin/index.cgi?c=0
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://db105.com:81/cgi-bin/index.cgi?c=0
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://db105.com:81/cgi-bin/index.cgi?c=0
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://db105.com:81/cgi-bin/index.cgi?c=0
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://db105.com:81/cgi-bin/index.cgi?c=0
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://db105.com:81/cgi-bin/index.cgi?c=0
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://db105.com:81/cgi-bin/index.cgi?c=0
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://your-searcher.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://db105.com:81/cgi-bin/index.cgi?c=0
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://your-searcher.com/sp.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://db105.com:81/cgi-bin/index.cgi?c=0
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://db105.com:81/cgi-bin/index.cgi?c=0
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://db105.com:81/cgi-bin/index.cgi?c=0

    O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - C:\WINDOWS\EliteBar\EliteBar version 40.dll
    O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA880F} - C:\WINDOWS\EliteBar\EliteBar version 40.dll

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
    O4 - HKLM\..\Run: [Win32 Explorer] C:\WINDOWS\System32\explorer32.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load

    O4 - HKCU\..\Run: [Win32 Explorer] C:\WINDOWS\System32\explorer32.exe
    O4 - HKCU\..\Run: [Dhk] C:\WINDOWS\System32\kub.exe
    O4 - HKCU\..\Run: [dllhelp] c:\windows\dllhlp.exe

    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.db105.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.skoobidoo.com

    O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab

    O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht!http://www.awmdabest.com/bltd/126.chm::/file.exe

    O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://www.americanhoes.com/sexshows/sexshows.cab


    Then reboot into >>>safe mode<<< Click Here for instructions find and delete :-

    C:\Program Files\Web_Rebates ... folder

    C:\WINDOWS\System32\explorer32.exe ... file
    C:\WINDOWS\System32\kub.exe ... file

    c:\windows\dllhlp.exe ... file

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -