TechSpot

Hijack this! logfile, need to get rid of funbangladesh

By EyrtheFyre
Dec 11, 2005
  1. Here's my problem: Everytime I log onto my laptop, IE pops up and tries to connect to funbangladesh.com. I don't know how this all got onto my computer considering I use firefox.
    Well anyway, to make a long story short, I downloaded hijack this!, and here's my logfile. Please let me know what I should get rid of.

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\mswindll32.exe
    C:\WINNT\System32\NMSSvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\Explorer.exe
    C:\WINNT\System32\tp4mon.exe
    C:\WINNT\System32\Promon.exe
    C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Promon.exe] Promon.exe
    O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: DLL Manager (mswindll) - Unknown owner - C:\WINNT\mswindll32.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
     
  2. Mictlantecuhtli

    Mictlantecuhtli TS Evangelist Posts: 4,345   +11

    This one needs to be killed:

    C:\WINNT\mswindll32.exe

    Then fix this:

    O23 - Service: DLL Manager (mswindll) - Unknown owner - C:\WINNT\mswindll32.exe
     
  3. EyrtheFyre

    EyrtheFyre TS Rookie Topic Starter

    thanks ^_^
     
  4. EyrtheFyre

    EyrtheFyre TS Rookie Topic Starter

    I just followed your instructions, then restarted my computer.
    funbangladesh still popped up as usual.
    I ran hijack this! and it showed: C:\WINNT\mswindll32.exe
    eventhough I deleted it! So I did a search for mswindll32.exe to delete it again, and it came up not found. Right now I'm running adaware, then I'm gonna run my spybot then clean out my cookies, cache, and history. Then restart my laptop.
    I bet funbangladesh will pop up again, so in that event, what should I do now?
     
  5. EyrtheFyre

    EyrtheFyre TS Rookie Topic Starter

    huzzah! it worked!
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...