Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Old Hippies Overworking Toaster (Resolved)

Started by hippiemind , May 21 2005 08:39 PM

  • This topic is locked This topic is locked

#16
Kat
Posted 23 May 2005 - 01:00 PM

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Hello again! The Frunlog doesn't help. Can you please re-read this step, and follow it? I need to see the log that this will create! :tazz:

Next, I need you to open Notepad and copy everything in the code box below exactly as it appears and paste it into notepad. Save it to your desktop as File Name: drvi.bat and Save as Type: ALL FILES 

cd "%windir%\system32\drvi"
dir /s /a >drvi.txt
Start notepad drvi.txt
echo %systemroot%
cls

Now, close ALL programs and windows, and double click on the drvi.bat on your desktop. It will do what I need it to, and then open something in Notepad. Please copy everything that comes up in Notepad, and paste it here to me in a reply, along with another HJT log!!
  • 0

Advertisements

#17
hippiemind
Posted 24 May 2005 - 10:31 PM

hippiemind

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
Hi Kat........

OK........here is the notepad:

Volume in drive C has no label.
Volume Serial Number is 3061-150F

Directory of C:\WINDOWS\SYSTEM32\drvi

05/22/2005 09:17 AM <DIR> .
05/22/2005 09:17 AM <DIR> ..
05/22/2005 09:17 AM 110,592 sswqrhbsdj.dll
05/02/2005 04:15 PM 528,384 sswqrhbsdj.exe
05/22/2005 09:47 AM 1,054,866 sswqrhbsdj.dat
05/24/2005 10:24 PM 1,199 sswqrhbsdj.log
05/24/2005 10:25 PM 0 drvi.txt
5 File(s) 1,695,041 bytes

Total Files Listed:
5 File(s) 1,695,041 bytes
2 Dir(s) 31,759,958,016 bytes free



And here the HJT log:...............(gets easier every time) :tazz:


Logfile of HijackThis v1.99.1
Scan saved at 10:28:45 PM, on 5/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\MY DOWNLOADS\security suite\ewidoctrl.exe
C:\MY DOWNLOADS\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\Program Files\Common Files\eAcceleration\eanthology.exe
C:\Program Files\Aws\WeatherBug\Weather.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drvi\sswqrhbsdj.exe
C:\MY DOWNLOADS\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {7E667AD7-CD18-AF6C-462D-A812309654D2} - C:\WINDOWS\system32\drvi\sswqrhbsdj.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [RegisterDropHandler] C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.exe
O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\ScannerU\TBRIDGE\BIN\InstantAccess.exe /h
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
O4 - HKLM\..\Run: [EanthologyApp] "C:\Program Files\Common Files\eAcceleration\eanthology.exe" /b Startup
O4 - HKLM\..\RunOnce: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus /ro
O4 - HKCU\..\Run: [Weather] C:\Program Files\Aws\WeatherBug\Weather.exe 1
O4 - Global Startup: Action Manager 32.lnk = C:\WINDOWS\SYSTEM32\notepad.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: (no name) - {2F099F5D-7003-4441-82C2-707C7C273FEB} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O9 - Extra 'Tools' menuitem: Block This Page - {2F099F5D-7003-4441-82C2-707C7C273FEB} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral....s/pmupdate2.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7A3374E-2D30-4C4A-811F-80E6356DEE77}: NameServer = 168.253.8.17 168.253.8.18
O23 - Service: ewido security suite control - ewido networks - C:\MY DOWNLOADS\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\MY DOWNLOADS\security suite\ewidoguard.exe




I await
  • 0

#18
Kat
Posted 25 May 2005 - 10:27 AM

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Hello!

Reboot into Safe Mode by continually tapping the F8 key as the computer begins to start up.

Find this folder, and delete it:

C:\WINDOWS\SYSTEM32\drvi


Make sure you delete that whole folder , not just the files inside! Then post another HJT log. :tazz:
  • 0

#19
hippiemind
Posted 26 May 2005 - 11:48 AM

hippiemind

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
Howdy Kat................

Here is the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:44:18 AM, on 5/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\MY DOWNLOADS\security suite\ewidoctrl.exe
C:\MY DOWNLOADS\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\Program Files\Common Files\eAcceleration\eanthology.exe
C:\Program Files\Aws\WeatherBug\Weather.exe
C:\WINDOWS\system32\wuauclt.exe
C:\MY DOWNLOADS\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {E099885F-CD0E-E03C-2A78-20E158A2F5D2} - C:\WINDOWS\system32\drvi\sswqrhbsdj.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [RegisterDropHandler] C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.exe
O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\ScannerU\TBRIDGE\BIN\InstantAccess.exe /h
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
O4 - HKLM\..\Run: [EanthologyApp] "C:\Program Files\Common Files\eAcceleration\eanthology.exe" /b Startup
O4 - HKLM\..\RunOnce: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus /ro
O4 - HKCU\..\Run: [Weather] C:\Program Files\Aws\WeatherBug\Weather.exe 1
O4 - Global Startup: Action Manager 32.lnk = C:\WINDOWS\SYSTEM32\notepad.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: (no name) - {2F099F5D-7003-4441-82C2-707C7C273FEB} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O9 - Extra 'Tools' menuitem: Block This Page - {2F099F5D-7003-4441-82C2-707C7C273FEB} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral....s/pmupdate2.exe
O23 - Service: ewido security suite control - ewido networks - C:\MY DOWNLOADS\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\MY DOWNLOADS\security suite\ewidoguard.exe

Are we getting somewhere? :tazz:
  • 0

#20
Kat
Posted 26 May 2005 - 12:57 PM

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Yes we sure are!! One last thing to do!

Open HijackThis and scan for a log. Check off ONLY this entry:

O2 - BHO: (no name) - {E099885F-CD0E-E03C-2A78-20E158A2F5D2} - C:\WINDOWS\system32\drvi\sswqrhbsdj.dll (file missing)

Make sure no other windows are open, and click the "Fix Secleted" button. Then reboot, and post me one last log here in a reply! You should be good to go then! :tazz:
  • 0
Back to Windows XP, 2000, 2003, NT · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Windows XP, 2000, 2003, NT

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP