
SmartFinder 2


BadFrog

Anyone had the pleasure of dealing with this bugger? Have tried Spybot S&D and hjt to no avail so far. I will post a log file later when I get home.

"Once you can accept the universe as matter expanding into nothing that is something, wearing stripes with plaid comes easy"
Albert Einstein
 
Thanks Erik I will try those as well as post the hjt log file when I get home tonight. I appreciate the feedback.

"Once you can accept the universe as matter expanding into nothing that is something, wearing stripes with plaid comes easy"
Albert Einstein
 
Ewido did the trick. A star for you, thanks Erik!

Here is the log. I now see a .dll that I had missed earlier. Oops.

Logfile of HijackThis v1.99.1
Scan saved at 7:37:10 AM, on 10/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijackthis\HijackThis.exe

F3 - REG:win.ini: load= c:\quickenw\BILLMNDW.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {68F79F99-75BB-3696-AC11-DC7D8241232E} - C:\WINDOWS\addkf32.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apijp.exe



"Once you can accept the universe as matter expanding into nothing that is something, wearing stripes with plaid comes easy"
Albert Einstein
 
I would remove this too:

O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apijp.exe
 
BTW - I'd like to add, it may be way time to update to SP2 and all following hotfixes....



Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
 
Did you post that log from safe mode, as it's a very small log? You don't appear to have either a firewall or an anti virus programme! Download 1 of each from the list below and install them!

free anti-virus tools

AVG7 from
Anti-vir
Avast 4 from

free firewalls

sygate

You'll need to remove these properly and fix your registry for this pest!


Click: to download cwsserviceremove.zip and unzip it to your desktop.



Download the pocket killbox



*Download Cleanup from Here




* A window will open and choose SAVE, then DESKTOP as the destination.
* On your Desktop, click on Cleanup40.exe icon.
* Then, click RUN and place a checkmark beside "I Agree"
* Then click NEXT followed by START and OK.
* A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
* Click OK

Run it.



Click Start > Run > and type in:

services.msc

Click OK.

In the services window find Remote Procedure Call (RPC) Helper. Right click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. Exit the Services utility.


CAUTION: There is also a service named Remote Procedure Call (RPC) Locator and one called Remote Procedure Call (RPC). These are the legitimate services. Do not stop those two.


Note: You may get an error here when trying to access the properties of the service. If you do get an error, just select the service and look there in the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.


In Hijack This, click on the "Open Misc Tools section" button. Next click the "Delete an NT service" button. Copy and paste the following in that box:

11Fßä#·ºÄÖ`I

Click OK.


Restart to safe mode.


Perform the following steps in safe mode:


Double click on the cwsserviceremove.reg file you downloaded at the beginning to enter into the registry. Answer yes when asked to have its contents added to the registry.




Have Hijack This fix these entries. Close all browsers and programmes before clicking FIX.


F3 - REG:win.ini: load= c:\quickenw\BILLMNDW.EXE
O2 - BHO: Class - {68F79F99-75BB-3696-AC11-DC7D8241232E} - C:\WINDOWS\addkf32.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apijp.exe


Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the Full Path of File to Delete box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the Paste Full Path of File to Delete box.



Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.



C:\WINDOWS\apijp.exe
C:\WINDOWS\addkf32.dll


Run Cleanup!
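
An added example, not part of the thread and not HijackThis's own logic: a small Python triage pass over the log lines posted above, flagging the kinds of entries the replies single out. The three heuristics (a service reported with "Unknown owner", a non-ASCII service name, a BHO or service binary sitting directly in the Windows root) and the function name `triage` are assumptions chosen for illustration, and a hit means "review this entry", not "malicious".

```python
import re

# Entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""F3 - REG:win.ini: load= c:\quickenw\BILLMNDW.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {68F79F99-75BB-3696-AC11-DC7D8241232E} - C:\WINDOWS\addkf32.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apijp.exe"""

# "<section code> - <rest of entry>", e.g. "O23 - Service: ..."
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# An .exe/.dll placed directly in C:\WINDOWS rather than in a subfolder.
ROOT_FILE = re.compile(r"(?i)c:\\windows\\[^\\]+\.(exe|dll)$")


def triage(log_text):
    """Return (code, target, reasons) for every entry worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines, process list, blank lines
        code, body = m["code"], m["body"]
        reasons = []
        if code == "O23":
            if "Unknown owner" in body:
                reasons.append("HijackThis reports 'Unknown owner'")
            # First field holds the display name and the internal service name.
            if not body.split(" - ")[0].isascii():
                reasons.append("non-ASCII service name")
        if code in ("O2", "O23") and ROOT_FILE.search(body):
            reasons.append("binary sits directly in the Windows root")
        if code in ("F2", "F3"):
            reasons.append("legacy win.ini/system.ini autostart")
        if reasons:
            # Last " - " separated field is the file (or the whole entry for F3).
            findings.append((code, body.rsplit(" - ", 1)[-1], reasons))
    return findings


if __name__ == "__main__":
    for code, target, reasons in triage(SAMPLE_LOG):
        print(f"{code:4} {target}\n     " + "; ".join(reasons))
```
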
 
Just to clarify: The log posted above was created BEFORE I had run ewido and fixed the problem, and I think it was run from safe mode. I suppose I should have posted another one from after fixing it but I didn't think of it at the time, sorry. All is well now and I am clean again, thanks for everyone's help and ya I know Ben, I'm just really lazy hehe.

"Once you can accept the universe as matter expanding into nothing that is something, wearing stripes with plaid comes easy"
Albert Einstein
 
Nice collection there. I am working with Avast at the moment and find it challenging. Any comments on the most appropriate AV software for a single desktop or very small network?
 
It depends what you want and what you're prepared to pay. If it's free then Anti vir is slightly ahead of Avast, AVG is quite a bit behind!

If you want to spend some money on a good programme, then the three I would suggest would be kaspersky, Nod32 and Trend Micro!

Kaspersky has hourly updates and has the most extensive database of all the anti virus programmes out there.

You can check out debates on all anti vir at the wilders forums here, note that they actually have dedicated threads to nod32!


 