
Searc-h.com, infotrack.net, etc.



#16
rambro

Dear Ser3nity, :tazz:

A discussion before my next post

In my next post I want you to fix that bad O20 line with HijackThis. That is, when you run the "scan" for HijackThis, I want you to put a checkmark next to that bad O20 line. Then I want you to copy that line down on a piece of paper, making sure you copy the associated "random file" for that line. I want you to click the "Fix checked" button and "close out" of the HijackThis application. Then I want you to find that random file on your computer and delete this file from your computer. Then and only then I want you to restart your computer and post a new HijackThis log.

Note in my next post I will represent the random file as something like this "*******.dll", but the random file that you will delete will be different from "*******.dll". In other words, you have to find the random file in the log and delete it. I cannot tell you what it will be. :)

Wait for my next post. :)

#17
rambro

Dear Ser3nity, :tazz:

Restart your computer.

Run HijackThis and click "Scan." Place checks next to the following entry/entries (if they exist):

O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\*******.dll (Note: the "SideBySide" may say something different, don't let it throw you off, fix this line!!!)

Close all browser and other windows except for HijackThis, and click "Fix Checked" button to finish the repair. Close the HijackThis application.

Delete the following file marked in blue (if they exist):

C:\WINDOWS\system32\*******.dll (Note: remember the "*******.dll" file represents a random file.)

Restart your computer and then please post a new HijackThis log.

In addition, let me know in detail how your computer system is running after performing the above steps. :)

#18
Ser3nity

It won't let me delete the file because it's being used... what should I do?

~ Serenity

#19
rambro

Dear Ser3nity, :tazz:

Restart your computer.

Run HijackThis and click "Scan." Place checks next to the following entry/entries (if they exist):

O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\*******.dll (Note: the "SideBySide" may say something different, don't let it throw you off, fix this line!!!)

Close all browser and other windows except for HijackThis, and click "Fix Checked" button to finish the repair. Close the HijackThis application.

Go to start -> run -> type the following "regsvr32 /u C:\WINDOWS\system32\*******.dll" (without the quotes)

(Note: The above should unregister the random .dll file; then try to delete it.)

Delete the following file marked in blue (if they exist):

C:\WINDOWS\system32\*******.dll (Note: remember the "*******.dll" file represents a random file.)

Restart your computer and then please post a new HijackThis log.

In addition, let me know in detail how your computer system is running after performing the above steps. :)

#20
Ser3nity

It still won't let me delete the file. RegSvr32 pops up saying "The process cannot access the file because it is being used by another process." :tazz:

~ Serenity

#21
rambro

Dear Ser3nity, :tazz:

I am going to give you a slightly different set of instructions, involving an application called "Killbox". I will post back to you. Hang in there.

rambro :)

#22
rambro

Dear Ser3nity, :tazz:

(Note: Please read through these instructions a couple of times before executing the steps in this post.)

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
******************************

1) Please download the Killbox. Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Run HijackThis and click "Scan." Place checks next to the following entry/entries (if they exist):

O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\*******.dll (Note: the "SideBySide" may say something different, don't let it throw you off, fix this line!!!)

Close all browser and other windows except for HijackThis, and click "Fix Checked" button to finish the repair. Close the HijackThis application.

4) Once in Safe Mode, please run Killbox. Put a check mark next to "End explorer shell while killing file".

5) In the main screen of Pocket KillBox, go to Tools in the top menu bar, and select: Delete Temp Files.

6) Select "Delete on Reboot".

7) In the "Full Path of File to Delete" field, type the following:

C:\WINDOWS\system32\*******.dll


8) (Note: remember the "*******.dll" file represents a random file.)

9) Click the red-and-white "Delete File" button.
Click "Ok" at the Delete on Reboot prompt.
Click "Ok" at the Reboot needed prompt.

10) Restart your computer in normal mode and then please post a new HijackThis log.

In addition, let me know in detail how your computer system is running after performing the above steps. :)

(Note: If you have problems working in the "Safe Mode", do the above procedure in "Normal Mode". But first try doing the above procedure in "Safe Mode" because "KillBox" works better in "Safe Mode".)

#23
Ser3nity

Rambro,

I tried what you said, but when I restarted and ran HijackThis there's still that line that begins with 020. Ewido also popped up as usual, with a file in the system32 folder. Every time I restart, Ewido pops up with a new random file. I didn't realize that getting this stuff off of my computer was going to be such a huge problem! :tazz: Anyway, let me know what else I should try.

~ Serenity

#24
rambro

Dear Ser3nity, :tazz:

(Note: Please read through these instructions a couple of times before executing the steps in this post.)

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
******************************

Here is a slightly different set of instructions for using the "KillBox" application.

1) Please download the Killbox. Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Run HijackThis and click "Scan." Place checks next to the following entry/entries (if they exist):

O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\*******.dll (Note: the "SideBySide" may say something different, don't let it throw you off, fix this line!!!)

Close all browser and other windows except for HijackThis, and click "Fix Checked" button to finish the repair. Close the HijackThis application.

4) Once in Safe Mode, please run Killbox. Put a check mark next to "End explorer shell while killing file".

5) In the main screen of Pocket KillBox, go to Tools in the top menu bar, and select: Delete Temp Files.

6) Select "Standard File Kill".

7) In the "Full Path of File to Delete" field, type the following:

C:\WINDOWS\system32\*******.dll


8) (Note: remember the "*******.dll" file represents a random file.)

9) Click the red-and-white "Delete File" button.
Click "Yes" at the Confirm Delete dialog box.
Click "OK" at the Success dialog box.
Click "Exit" to close out of the Pocket Killbox application.

10) Restart your computer in normal mode and then please post a new HijackThis log.

In addition, let me know in detail how your computer system is running after performing the above steps. :)

(Note: Do the above procedure in "Safe Mode".)

#25
Ser3nity

Alright... I can delete neither the temp files, nor the random .dll file. Killbox keeps saying "this file could not be deleted".

~ Serenity

#26
rambro

Dear Ser3nity,

Let's see if we can do this online now.

Restart your computer, run HijackThis, and post a HijackThis log to me without restarting your computer.

rambro

#27
rambro

Do this in safe mode.

#28
rambro

edited

Edited by rambro, 01 November 2005 - 06:25 PM.


#29
Ser3nity

Here you go:

Logfile of HijackThis v1.99.1
Scan saved at 6:33:48 PM, on 11/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130088941562
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\p44uleh91h4.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe

~ Serenity

#30
rambro

Run HijackThis and click "Scan." Place checks next to the following entry/entries (if they exist):

O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\p44uleh91h4.dll

Close all browser and other windows except for HijackThis, and click "Fix Checked" button to finish the repair. Close the HijackThis application.

Stop right there; don't reboot your computer. Wait for further instructions, and let me know when you have gotten this far.
  • 0
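
Added example, not part of the original thread or written by its posters: a short Python sketch that pulls the O20 (Winlogon Notify) entries out of a HijackThis log like the one in post #29 and flags any system32 DLL whose name looks machine-generated, as p44uleh91h4.dll does. The name heuristic, its threshold and the igfxcui contrast line are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the HijackThis log in post #29, plus one constructed
# benign-looking O20 entry (igfxcui) added here for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\System32\igfxsrvc.dll
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\p44uleh91h4.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# "O20 - Winlogon Notify: <key name> - <dll path>"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<path>.+)$")


def letter_digit_switches(stem):
    """Count letter<->digit transitions in a file name stem."""
    kinds = [c.isdigit() for c in stem if c.isalnum()]
    return sum(a != b for a, b in zip(kinds, kinds[1:]))


def parse_o20(log_text):
    """Return (notify key name, dll path) for every O20 line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            entries.append((m.group("key"), m.group("path").strip()))
    return entries


def suspicious_o20(log_text, min_switches=3):
    """Heuristic (assumption): a DLL directly in system32 whose name keeps
    alternating between letters and digits deserves a manual look."""
    hits = []
    for key, path in parse_o20(log_text):
        p = PureWindowsPath(path)
        in_system32 = p.parent.name.lower() == "system32"
        is_dll = p.suffix.lower() == ".dll"
        if in_system32 and is_dll and letter_digit_switches(p.stem) >= min_switches:
            hits.append((key, path))
    return hits


if __name__ == "__main__":
    for key, path in suspicious_o20(SAMPLE_LOG):
        print(f"review: Notify key {key!r} -> {path}")
```

A hit is only a prompt to review the entry by hand; the key name cannot be relied on, since, as noted in the thread, "SideBySide" may say something different from one log to the next.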





