Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijack This Log


  • Please log in to reply
9 replies to this topic

#1 pnkflyd1fn

pnkflyd1fn

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:38 AM

Posted 02 December 2005 - 07:24 AM

Logfile of HijackThis v1.99.1
Scan saved at 4:18:17 AM, on 12/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\System32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\userinit.exe
C:\WINNT\Explorer.EXE
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: C:\WINNT\adsldpbe.dll - {7507739F-BC2E-4DC3-B233-816783C25DC9} - C:\WINNT\adsldpbe.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Gateway Wireless USB-G 2.0 Service (Gateway Wireless USB-G 2.0) - Unknown owner - C:\Program Files\Gateway USB-G Wireless Monitor\WLService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

BC AdBot (Login to Remove)

 


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:01:38 PM

Posted 02 December 2005 - 12:40 PM

Fix this entry with HJT:

O2 - BHO: C:\WINNT\adsldpbe.dll - {7507739F-BC2E-4DC3-B233-816783C25DC9} - C:\WINNT\adsldpbe.dll

Reboot and tell me how everything is.......

David

#3 pnkflyd1fn

pnkflyd1fn
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:38 AM

Posted 02 December 2005 - 10:29 PM

I scanned my computer with Anti-virus/spyware/adware/malware programs and cleaned up everything. Thank God everything turned out ok. I ran hijack this and got rid of what you told me. The only thing now is I am unable to empty the recycling bin. It starts but never finishes so I end up pressing cancel and nothing is emptied. The desktop works but its slow and when I shut down I takes forever for the shutdown, stand-by, restart pop up to appear.

#4 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:01:38 PM

Posted 03 December 2005 - 05:23 AM

Try this:

Download CleanUp!
  • A window will open and choose SAVE, then DESKTOP as the destination.
  • On your Desktop, click on Cleanup40.exe icon.
  • Then, click RUN and place a checkmark beside "I Agree"
  • Then click NEXT followed by START and OK.
  • A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
  • Click OK
  • Click on the "Cleanup" button and let it run.
  • Once its done, close the program.
Click Here to do a Panda online scan
  • If it asks you install active x controls click Yes
  • if a box comes up telling you to install the program also click Yes
  • Make sure you tick Disinfect automatically under Scan Options
  • complete the scan and post the log that you can save afterwards in the same way you did the HJT log.
  • It is normal for it to take a reasonable time to complete
David

#5 pnkflyd1fn

pnkflyd1fn
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:38 AM

Posted 04 December 2005 - 12:29 AM

I downloaded cleanup and ran a few antivirus anti spyware programs again and everything is running much faster now. The only problem is I have one item in my recycling bin that wont delete. I have no idea how it even got there. It seems to be temporary internet files. When I try to delete it it says "cannot delete search cannot find specified file make sure you specify the correct path and file name"

#6 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:01:38 PM

Posted 04 December 2005 - 09:59 AM

Do you know what it it?
Can you post the file name?

David

#7 pnkflyd1fn

pnkflyd1fn
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:38 AM

Posted 04 December 2005 - 12:20 PM

It was in the recycling bin and I moved it onto the deskto to see what was inside and now I cant move it from the desktop. The file name is 2FUFI9I3

#8 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:01:38 PM

Posted 04 December 2005 - 12:32 PM

Can you try deleting it in safe mode?
David

#9 pnkflyd1fn

pnkflyd1fn
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:38 AM

Posted 04 December 2005 - 03:09 PM

I tried and it wont delete

#10 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:01:38 PM

Posted 05 December 2005 - 03:58 PM

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://forums.subratam.org/index.php?act=A...e=post&id=43811
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch.

Close HijackThis, and click OK to proceed.

At the end of the fix, you may need to restart your computer again.

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log.

David




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users