Problem Getting Rid of a Program

 
 
Reply Sun 30 Jan, 2005 04:30 pm
Hello everyone, I'm new to this community, so if there is anything I'm doing wrong or should be doing, please tell me.
======
The Problem: I am trying to get rid of a program which keeps on reinstalling itself onto my computer every hour or so, and it is starting to get very annoying for me. I cannot find it in the Add/Remove Program list and I have trouble deleting the actual program itself sometimes. The program will install itself onto my computer and have icons on my desktop. I delete these icons but they just keep on coming back. The actual file that I think is doing all this is located in my C:\ProgramFiles under a folder called "WebSiteViewer", but it will not let me delete it because it's "in use", and when I do get lucky and get to delete it, it still comes back. Can somebody please help?

Here is my HiJackThis Log; I'm not quite sure what exactly this does, but everybody seems to be asking for it, so here it is.

==============
Logfile of HijackThis v1.99.0
Scan saved at 5:20:42 PM, on 30/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Everstrike Software\Universal Shield 3.3.1\US30Service.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\prvdi.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\LeechGet 2004\LeechGet.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Sonique\Sonique.exe
C:\Program Files\Sonique\sqstart.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\HAO\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thestar.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://thestar.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\System32\prvdi.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
==================

Thanks a lot.
MichaelAllen
 
  1  
Reply Mon 31 Jan, 2005 12:35 am
I'm not sure about this stuff myself. But Spybot or some other anti-spyware programs have shredders. They delete the file in a very sure way. They shred the file several times just to make sure it is gone.

The following information comes from my spybot software:

The first 5 shreds are using pre-defined bit pattern that should make even hardware recovery impossible. Any further pass will use a random bit pattern that is changing every few Bytes.
Please notice: one pass is not enough to shred a file, as the heads of your hard disk won't hit the same track 100,00% of the time. There are small differences of a few µm that will allow pros to reconstruct even overwritten data. That is why multiple shreds are necessary, and why different patterns should be used.

Warning: This tool is designed to remove files so they can not be recovered again! If you use it, be aware of that!
0 Replies
 
guest
 
  1  
Reply Wed 2 Feb, 2005 03:13 am
prvdi seems to be a troublesome process.

I had something similar to your experience with a recalcitrantly reinstalling program 'dload.exe'. There simply was no way to get rid of this program. My firewall reported that this program wanted to have access to the internet. I am very much concerned that it tried to install some sort of a dialer here on this system.

Perusing the list of processes I came across prvdi.exe, which was new in my System32 folder. Killing the processes dload and prvdi made it possible to delete the files dload.exe and prvdi.exe in my System32 folder. Subsequently I weeded out my registry from any entries relating to dload or prvdi. System runs smoothly thereafter.
0 Replies
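The cleanup described in the reply above (stop the process, delete the file, then remove the registry entries that relaunch it) can be scoped from the HijackThis log itself. The following is an added example, not code from any poster in this thread; the function names are hypothetical, and the sample lines are an excerpt of the log posted at the top of the thread.

```python
import ntpath
import re

# Excerpt of the HijackThis log posted in this thread.
LOG = r"""Running processes:
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Ad Muncher\AdMunch.exe
C:\WINDOWS\System32\prvdi.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\System32\prvdi.exe
"""

# "HKLM\..\Run" is HijackThis shorthand for ...\Windows\CurrentVersion\Run.
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
EXE_RE = re.compile(r'"?([^"]*?\.(?:exe|dll))', re.IGNORECASE)

def parse(log):
    """Return (running image paths, [(hive, key, value name, image path)])."""
    running, autoruns, in_procs = [], [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False              # blank line ends the process list
        elif in_procs:
            running.append(line)
        elif (m := O4_RE.match(line)):
            hive, key, value, cmd = m.groups()
            exe = EXE_RE.match(cmd)       # strip quotes and arguments
            autoruns.append((hive, key, value, exe.group(1) if exe else cmd))
    return running, autoruns

def cleanup_targets(log, name):
    """Everything in the log tied to one executable name (case-insensitive):
    the live process to stop and the Run values that would relaunch it."""
    running, autoruns = parse(log)
    same = lambda p: ntpath.basename(p).lower() == name.lower()
    return {"processes": [p for p in running if same(p)],
            "run_values": [a[:3] for a in autoruns if same(a[3])]}

def live_autoruns(log):
    """Run value names whose image is running now: the file is "in use" and
    the value starts it again at next boot unless both are dealt with."""
    running, autoruns = parse(log)
    live = {p.lower() for p in running}
    return [a[2] for a in autoruns if a[3].lower() in live]
```

Only `Run`-style keys (HijackThis section O4) are covered here; other autostart locations such as BHOs (O2) would need their own patterns.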
 
GangstaTeddy
 
  1  
Reply Wed 2 Feb, 2005 10:38 am
Thank you guys for replying, you've given me tips that I'll look further into.

Btw MichaelAllen, do you happen to know the exact name of the spybots or antiviruses that do these shredding things? Because I've never really heard of it.

And for the guest that replied, thanks a lot. I've managed to delete the main folder by getting rid of the processes that were running; however, it is still returning. Seeing as how you deleted prvdi.exe and dload.exe from your system32 folder, I've done the same, but the names of those have no relation to the name of what mine is called; "127021.dlr" is what the file is called that I can't seem to get rid of.
0 Replies
 
 
