[cja]

his is my posting of my "hijack log" (I have no clue what any of this means, accept that it might help acertain problems with my computer??).

I have down loaded more antivirus, anti trojan, scanning software in one day than I have in my whole life (but I just recently got a high speed internet connection)

Are my problems fairly typical? Do most people have to deal with these problems? without this website I would have kicked a hole in my computer.

Thanks again for all your help

Logfile of HijackThis v1.99.1
Scan saved at 4:50:26 PM, on 6/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ivegf.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ivegf.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ivegf.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ivegf.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ivegf.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/home/ownerservices
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Class - {F853A78A-343F-AC2C-6EC1-7AD1A007D9CD} - C:\WINDOWS\system32\sysjb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: SpamSubtract.lnk = C:\Program Files\InterMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\InterMute\PopSubtract\PopSub.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - https://activation.r...oad/tgctlcm.cab
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThereInstallHelper.dll
O16 - DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} (There Voice Trainer) - file://c:\Program Files\There\ThereClient\ThereVoiceTrainer.dll
O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) - file://c:\Program Files\There\ThereClient\ThereLauncher.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

[Advertisements]

thats strange I posted my hijack log from my problematic computer and it did not pop up here?

I will try your above recommendations before I figure out what happened with my hijacked log

[cja]

thats strange I posted my hijack log from my problematic computer and it did not pop up here?

I will try your above recommendations before I figure out what happened with my hijacked log

[cja]

thats strange I posted my hijack log from my problematic computer and it did not pop up here?

I will try your above recommendations before I figure out what happened with my hijacked log

[wannabe1]

cja

I'm not the one to be checking this log, but even I can see there are a few problems in there.

What you now need to do is post a fresh HJT log in the Malware Forum...start a new topic asking the experts to have a look at it. (Link Below)

http://www.geekstogo...o_Here-f37.html

If you still have problems when you are done ther, post back here.

wannabe1

Edited by wannabe1, 17 June 2005 - 06:17 PM.

[cja]

when I press f10 button when the computer is booting up it takes me to a black screen that gives me the option of

"Please select the operating system to start:
Microsoft Windows XP Professional Edition
or
Microsoft Windows Recovery Consule

I have continued to choose the recovery consule ...then enter...

then the computer goes to another black screen

"which Windows installations would you like to log onto

(choices are)

1: D:\MiniNT
2: D:\I386 this is where I am hung up. I don't know
3: C:Windows which to choose. I have tried all three, but
I think it requires some kind of specific dos
prompt from Hewlard packard?? to run the
recovery reformatting


help?!??!? I have been just trying to access this file for the last 10 hours or so

thanks,

cja

[cja]

thanks for your help I will take my log to the specified forum


cja

[wannabe1]

cja

Try choosing to start "Microsoft Windows XP Professional Edition" [Enter]

Then choose option 1 (1: D:\MiniNT) if it's available. This should be the "Set up Windows XP" option.

Follow the previous instructions from there

wannabe1

Aren't computers wonderful?

[wannabe1]

cja,

I just checked to see if you had posted in the Malware Forum...good job, but they'll need a fresh HiJackThis log to review. Run a fresh scan, then go to your post there, use the edit function, and add your log to the post...you'll probably get a little quicker response.

wannabe1

[cja]

Thanks again I will post a fresh Hijack log

you guys don't get paid for this?????

cja

ps I don't know how to add "my log to the post"

Edited by cja, 17 June 2005 - 09:15 PM.

[wannabe1]

cja...

Being able to help someone who needs help and doesn't know where to turn is pay enough for me (and everyone else at Geeks to Go)...and to fight the good fight against spyware and the other nasties lurking around out there in cyberland.

You'll get some very good help in the Malware Forum...those folks are amazing

wannabe1

[cja]

that is very benevolant, I just do not see that much here in California, Thanks again


cja


I will try your newest startup suggestions

Edited by cja, 17 June 2005 - 09:28 PM.

[wannabe1]

You did just fine, cja...someone will be along soon with the expertise to get your machine all cleaned up. When working with whoever jumps in to help you, be as detailed about your symptoms as possible...the more information you are able to give them the better.

Once again...Good Luck!

wannabe1

[cja]

Thanks,

I tried your suggestion for the startup option to be able to reformat and all roads either lead to xp starting up normally or to those three choices in dos, which require a prompt I do not know.

thanks for all your help

[wannabe1]

cja

The command you need is probably winnt.exe which should start loading the setup files, but I'm not real sure this is going to work on your machine. Might be worth a try, though.

A note...most of the problems I saw in you HJT log were related to Internet Explorer...wasn't that one of your original problems? I still think the malware experts will be able to clean things up. There were several views made by some good helpers, unfortunately they viewed your post before you got the log posted. I'll see if I can point someone your way, but am not real sure how that will work.

wannabe1