
Logfile of HijackThis v1.99.1
Scan saved at 2:26:58 PM, on 10/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\admin\Desktop\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160897416314
O21 - SSODL: Objexapi - {0371B892-E144-4AB6-B630-A240F4C83D74} - C:\WINDOWS\system32\ipvitcrt.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

2 Contributors · 8 Replies · 9 Views · Discussion span: 10 years · Last post by gerbil

what is the actual problem you are experiencing, jeni?
Meanwhile, reboot and run HT in Safe Mode, check these objects for fixing, fix, then proceed to normal windows mode, rerun HT and repost the new log here.... [actually you can leave the first one, R1=... unfixed if you like the site, but you will get lots of ads].

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O21 - SSODL: Objexapi - {0371B892-E144-4AB6-B630-A240F4C83D74} - C:\WINDOWS\system32\ipvitcrt.dll
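The three lines gerbil picks out are identified by their HJT section codes (R0/R1 are browser start and search settings, O21 is HJT's name for the ShellServiceObjectDelayLoad key, whose DLLs the shell loads at every logon). As an added example, not code from this thread or from HijackThis, here is a small Python parser that reads HJT entry lines and applies the same kind of first-pass triage: O21 entries whose name is not one of the stock Windows XP entries, R0/R1 settings that pass through a redirector URL, and O23 services with no publisher recorded. The sample log is copied from the log posted above; the allowlist of stock SSODL names and the redirector heuristic are my assumptions (the heuristic flags both R1 lines, whereas gerbil leaves the HKLM one alone).

```python
"""Triage HijackThis (HJT) log entries. Added example, not part of the thread."""
import re
from dataclasses import dataclass

# Constructed sample: entry lines copied from the HJT log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160897416314
O21 - SSODL: Objexapi - {0371B892-E144-4AB6-B630-A240F4C83D74} - C:\WINDOWS\system32\ipvitcrt.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

# Every HJT entry starts with a section code such as R1 or O21, then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
SSODL_RE = re.compile(r"^SSODL: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# A URL that embeds a second URL after "*" is a redirector (both R1 lines do this).
REDIRECT_RE = re.compile(r"https?://\S*\*https?://")

# Assumption (not from the thread): the ShellServiceObjectDelayLoad names a stock
# Windows XP SP2 install registers. Anything else loaded here deserves a look.
KNOWN_SSODL = frozenset({"PostBootReminder", "CDBurn", "WebCheck", "SysTray"})


@dataclass(frozen=True)
class Entry:
    code: str  # HJT section code, e.g. "O21"
    body: str  # everything after "O21 - "


@dataclass(frozen=True)
class Finding:
    code: str
    reason: str
    body: str


def parse_hjt(text: str) -> list[Entry]:
    """Keep only the R*/O* entry lines; the header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def triage(entries: list[Entry], known_ssodl=KNOWN_SSODL) -> list[Finding]:
    """Return the entries a reviewer should look at first, with a reason each."""
    findings = []
    for e in entries:
        if e.code == "O21":
            m = SSODL_RE.match(e.body)
            if m and m["name"] not in known_ssodl:
                findings.append(Finding(e.code,
                    f"shell service object '{m['name']}' loads {m['path']} "
                    "at every logon and is not a stock entry", e.body))
        elif e.code in ("R0", "R1") and REDIRECT_RE.search(e.body):
            findings.append(Finding(e.code,
                "browser search/start setting passes through a redirector URL", e.body))
        elif e.code == "O23":
            m = SERVICE_RE.match(e.body)
            if m and m["owner"] == "Unknown owner":
                findings.append(Finding(e.code,
                    f"service '{m['name']}' has no publisher recorded", e.body))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{f.code}: {f.reason}\n    {f.body}")
```

Entries that pass the triage are not thereby clean; the point is to narrow a long log to the handful of lines worth checking by hand, which is what the reply above does for this one.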


I just read your earlier post..... so do these things before you do what i wrote in my first post.

Time to get some free stuff....

First off I would like you to download CCleaner from http://www.ccleaner.com/ and put it in a new folder. You should aim to keep this one for general use. I set it from the install checkboxes to only open from the recycle bin. It's just a neater thing.
Then download RootKitRevealer from http://www.sysinternals.com/Utilities/RootkitRevealer.html [the link is at the bottom of the page] and place in a folder next to CCleaner. **Read that webpage**.
Go here and get SpyBot S & D, http://www.safer-networking.org/en/index.html , install it, but not tea timer. Update it.
Get AVG AntiSpyware 7.5 from here: http://www.grisoft.com/doc/1
Install it.. you should intend keeping this.... open it and update it via the screen.
Get Adaware SE Personal from http://www.lavasoft.de/software/adaware/
- install it. Update it.
When it finishes updating files go get this free beta [blbeta.exe] from http://www.f-secure.com/blacklight/ and install it also.

Before the next step memorise these instructions... or copy em to notepad. Or just use Opera...
Ok, you're done with the net. Shut it down. Disconnect...
Check that a Restore point has been made [one should have just been made automatically because you just installed software...]. The path to this is via Start > all programs > accessories > system tools> system restore. The reason for doing this is that some trojans write themselves into the System Restore files, and in there they are totally safe from anything.
Now rclick your recycle bin and run CCleaner. [or go to its folder and dclick ccleaner.exe] You will lose a lot of handy stuff like histories etc... but there is a job to do...
Run RKR from its folder by dclicking the .exe. Make sure it is the only window open, and don't let even a mouse move!
Now go into safe mode [Restart, F8 and select Safe Mode and Enter.... You'll get a dark desktop with icons etc...]
Note: Close all open windows, and DO NOT USE the computer while these scans are running. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG's ability to clean properly and may result in reinfection.
- Run Blbeta.exe.
- Start AVG Antispyware, do the complete system scan. Click "Apply all actions" to place any infected files into Quarantine, and only then click on "Save Report" to view all completed scans; click on the scan you just performed and select "Save report."
- Do a full Adaware scan and remove all the problems it finds.
- Run SpyBot S & D. Create the registry backup, then check for problems. Select and fix problems.
- Finally run HT, check for fixing these items if they exist, and fix them [fixing the first one is up to you...]:-

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O21 - SSODL: Objexapi - {0371B892-E144-4AB6-B630-A240F4C83D74} - C:\WINDOWS\system32\ipvitcrt.dll

Search for the above .dll and delete it.
Okay, reboot into normal Windows, and rerun HT.
- Go here and run this scan online:- http://www.pandasoftware.com/products/activescan?

Is everything working okay? Then open AVG AS, > infections> quarantine, select the baddies and Remove Finally.
Post the new HT log, plus any other logs from scans that find things [but not Adaware's cookie list..]


Hi,

I actually already have all the downloads you mentioned except for the second and last one. I did run all of them before running HJT. So the log is after AVG,spybot..etc have been run. I will download the other two like you said and continue from there. I really appreciate you helping me :)!

Thanks
Jeni



There are two different downloads for http://www.f-secure.com/blacklight/ which one do I choose?


ok, i managed to get all the way up to restarting in safe mode...but the computer won't. I get the dark screen with it saying safe mode at the two bottom corners and a line of characters/words at the top of the screen but no icons or anything. So I am unable to run the programs in safe mode. :(



jeni, let's see if i can get this right...... [it'll be read by others!!] when you select safe mode n hit Enter, you will get a bar streaking across the bottom of that screen; then if it's a real cold start from a poweroff you will see a list of drivers n .dlls reel down the screen as they load, otherwise it's straight to a black screen with safe mode at all 4 corners and a one line description of your system at top. Then comes the std blue logon screen populated with Administrator, and any users with admin privileges. You log in and the black screen returns with a window about restore or safe mode, and when you click yes you get your icons.... and from there you can do what i requested above...
So please.. am i to understand that you can run normal windows mode, but not safe mode??? If you can run in normal mode at least run HT and fix those 3 things i put in post #2 above.
In Safe mode the puter loads a bare minimum of drivers and dlls so that it can function - I cannot understand how it can make it to normal but not safe mode.....


You are correct. I cannot run anything in safe mode. I do not get any icons or anything to allow me to do so. So I did run everything as you said in normal windows. I did the best I could with what I had to work with and the computer is a lot better. I can access yahoo messenger now (still seems to have a bug or two tho), and I can access myspace. I am still getting popups tho.

I don't know why it won't go into safe mode either. I am going to ask my ex about it since he and his friend were the last ones to mess with it.


jeni..this safe mode thing sounds bad... Others here may have an idea... but anyway... safe mode only allows administrators to use it... either the default system administrator or users with administrator privileges. So the next screen after your blank black with safe mode inscribed in the corners should be a blue login screen.... i dunno, but if no admin accounts then maybe no blue login screen? Please tell me your machine has an administrator account still?
