Re-installing my operating system



#16
cja

cja

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
This is my posting of my "hijack log" (I have no clue what any of this means, except that it might help ascertain problems with my computer??).

I have downloaded more antivirus, anti trojan, scanning software in one day than I have in my whole life (but I just recently got a high speed internet connection).

Are my problems fairly typical? Do most people have to deal with these problems? Without this website I would have kicked a hole in my computer.

Thanks again for all your help

Logfile of HijackThis v1.99.1
Scan saved at 4:50:26 PM, on 6/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ivegf.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ivegf.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ivegf.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ivegf.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ivegf.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/home/ownerservices
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Class - {F853A78A-343F-AC2C-6EC1-7AD1A007D9CD} - C:\WINDOWS\system32\sysjb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: SpamSubtract.lnk = C:\Program Files\InterMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\InterMute\PopSubtract\PopSub.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - https://activation.r...oad/tgctlcm.cab
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThereInstallHelper.dll
O16 - DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} (There Voice Trainer) - file://c:\Program Files\There\ThereClient\ThereVoiceTrainer.dll
O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) - file://c:\Program Files\There\ThereClient\ThereLauncher.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  • 0


#17
cja

cja

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
That's strange, I posted my hijack log from my problematic computer and it did not pop up here?

I will try your above recommendations before I figure out what happened with my hijacked log
  • 0

#18
cja

cja

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
That's strange, I posted my hijack log from my problematic computer and it did not pop up here?

I will try your above recommendations before I figure out what happened with my hijacked log
  • 0

#19
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
cja

I'm not the one to be checking this log, but even I can see there are a few problems in there.

What you now need to do is post a fresh HJT log in the Malware Forum...start a new topic asking the experts to have a look at it. (Link Below)

http://www.geekstogo...o_Here-f37.html

If you still have problems when you are done there, post back here.

wannabe1

Edited by wannabe1, 17 June 2005 - 06:17 PM.

  • 0

#20
cja

cja

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
when I press f10 button when the computer is booting up it takes me to a black screen that gives me the option of

"Please select the operating system to start:
Microsoft Windows XP Professional Edition
or
Microsoft Windows Recovery Console"

I have continued to choose the recovery console ...then enter...

then the computer goes to another black screen

"which Windows installations would you like to log onto"

(choices are)

1: D:\MiniNT
2: D:\I386
3: C:Windows

this is where I am hung up. I don't know which to choose. I have tried all three, but I think it requires some kind of specific dos prompt from Hewlett Packard?? to run the recovery reformatting


help?!??!? I have been just trying to access this file for the last 10 hours or so

thanks,

cja
  • 0

#21
cja

cja

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
thanks for your help I will take my log to the specified forum


cja
  • 0

#22
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
cja

Try choosing to start "Microsoft Windows XP Professional Edition" [Enter]

Then choose option 1 (1: D:\MiniNT) if it's available. This should be the "Set up Windows XP" option.

Follow the previous instructions from there

wannabe1

Aren't computers wonderful? :tazz:
  • 0

#23
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
cja,

I just checked to see if you had posted in the Malware Forum...good job, but they'll need a fresh HiJackThis log to review. Run a fresh scan, then go to your post there, use the edit function, and add your log to the post...you'll probably get a little quicker response.

wannabe1
  • 0

#24
cja

cja

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Thanks again I will post a fresh Hijack log

you guys don't get paid for this?????

cja

ps I don't know how to add "my log to the post"

Edited by cja, 17 June 2005 - 09:15 PM.

  • 0

#25
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
cja...

Being able to help someone who needs help and doesn't know where to turn is pay enough for me (and everyone else at Geeks to Go)...and to fight the good fight against spyware and the other nasties lurking around out there in cyberland.

You'll get some very good help in the Malware Forum...those folks are amazing :tazz:

wannabe1
  • 0


#26
cja

cja

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
that is very benevolent, I just do not see that much here in California, Thanks again


cja


I will try your newest startup suggestions

Edited by cja, 17 June 2005 - 09:28 PM.

  • 0

#27
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
You did just fine, cja...someone will be along soon with the expertise to get your machine all cleaned up. When working with whoever jumps in to help you, be as detailed about your symptoms as possible...the more information you are able to give them the better.

Once again...Good Luck!

wannabe1
  • 0

#28
cja

cja

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Thanks,

I tried your suggestion for the startup option to be able to reformat and all roads either lead to xp starting up normally or to those three choices in dos, which require a prompt I do not know.

thanks for all your help
  • 0

#29
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
cja

The command you need is probably winnt.exe which should start loading the setup files, but I'm not real sure this is going to work on your machine. Might be worth a try, though.

A note...most of the problems I saw in your HJT log were related to Internet Explorer...wasn't that one of your original problems? I still think the malware experts will be able to clean things up. There were several views made by some good helpers, unfortunately they viewed your post before you got the log posted. I'll see if I can point someone your way, but am not real sure how that will work.

wannabe1
  • 0
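
An added example, not part of the thread or any poster's code: a minimal Python triage of HijackThis-style lines that groups entries by section code and flags two patterns visible in the log posted in #16, namely Internet Explorer R0/R1 settings served from a `res://` resource inside a local DLL, and entries HijackThis itself marks "(no file)" or "(file missing)". The flagging rules and function names are assumptions for illustration, not a verdict on any entry; the sample lines are copied from that log.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ivegf.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ivegf.dll/sp.html#28129
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Class - {F853A78A-343F-AC2C-6EC1-7AD1A007D9CD} - C:\WINDOWS\system32\sysjb.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# A log entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Assumption: an IE setting served from a res:// resource in a local DLL deserves review.
RES_DLL = re.compile(r"=\s*res://.+\.dll/", re.IGNORECASE)
# HijackThis's own markers for a registration whose target file is absent.
ORPHAN = re.compile(r"\((no file|file missing)\)")

def parse(log_text):
    """Return a list of (section, body) tuples; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def triage(log_text):
    """Group review-worthy entries by reason; unflagged entries are not returned."""
    flagged = defaultdict(list)
    for section, body in parse(log_text):
        if section in ("R0", "R1") and RES_DLL.search(body):
            flagged["ie_setting_res_dll"].append((section, body))
        if ORPHAN.search(body):
            flagged["registered_but_no_file"].append((section, body))
    return dict(flagged)

if __name__ == "__main__":
    for reason, items in triage(SAMPLE_LOG).items():
        print(reason)
        for section, body in items:
            print(f"  {section}: {body}")
```

A flag here only means the line is worth a helper's attention; deciding what to fix still needs someone who knows the entries, as the thread advises.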





