Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackThis Log


  • This topic is locked This topic is locked
15 replies to this topic

#1 Sion

Sion

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:58 PM

Posted 09 April 2005 - 10:43 AM

Posted Image

1.) Okay, I am running Windows XP professional, and I don't know how - but my search tool is blank.

2.) When I try to run Internet Explorer, I get this error:
res://C:\WINDOWS\system32\shdoclc.dll/

3.)I ran HJT and this is the log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\XoftSpy\XoftSpy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


(I just saw there is an HJT forum, sorry. But I still have two other problems.)

Edited by Sion, 09 April 2005 - 10:46 AM.


BC AdBot (Login to Remove)

 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:08:58 PM

Posted 09 April 2005 - 01:56 PM

Hi Sion and welcome to the BC forums. It appears that your HijackThis log is incomplete. We need a complete HijackThis (HJT) log file to be able to analyze what is happening on your computer. If you do not have a copy of HijackThis or do not have the latest version (1.99.1) then download it from here: HijackThis_sfx.exe. Double-click on the file you just downloaded and click on the UnZip button to install the program.

Start HijackThis and click the Do a system scan and save a log button to perform a scan and create a log file. When the scan is complete, Notepad will open up with the log file in it. While in Notepad, press Ctrl-A to select all text and then Ctrl-C to copy the text to the clipboard.

POST the log in this thread using the Add Reply button. Click in the data-entry window and press Ctrl-V to paste the log into the window. Add any other comments which you believe might be helpful in our analysis. and click the Add Reply button.

I will review your log as quickly as I can.


DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#3 Sion

Sion
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:58 PM

Posted 10 April 2005 - 12:00 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:00:32 PM, on 04/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


Hmm, what about the other problems I have?

#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:08:58 PM

Posted 10 April 2005 - 03:03 PM

Hi Sion. Is this the complete log? Are you running it from Safe Mode? If this is the entire log and this is when booting to normal mode then I'm surprized your machine is starting at all. If this is the HijackThis log when booting normally then you are all set. There is nothing in it to indicate any viruses or malware and I believe that any other problems you might be having are due to some major registry problems.

Post back here with detailed information regarding what happened to your system and I'll review the post when it comes in.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#5 Sion

Sion
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:58 PM

Posted 12 April 2005 - 11:18 PM

I think that may be the problem, Internet Explorer doesn't work at all for me anymore. Firefox stops working randomly, it won't be able to find pages. I think it's a reoccuring trojan, but I don't know why it comes back... Trend Micro doesn't pick it up though. Anyway, I DO happen to use this purchaseable Registry cleaner, but I started using this after the problems. Didn't help, but it did pick up a lot of errors I had.

Anyway, if it is a registry problem, what can I do?

#6 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:08:58 PM

Posted 13 April 2005 - 11:40 AM

Hi Sion. Well, I think your registry cleaner cleaned out more than it should have. I would suggest doing a repair install of XP to see if you can recover your system. Check the How to Perform a Windows XP Repair Install guide and see if that doesn't help. Do not run the registry cleaner you have been using. I have some other free ones that we reccomend if that is what you need.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#7 Sion

Sion
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:58 PM

Posted 13 April 2005 - 10:52 PM

Okay, well I installed an antivirus program called Antivir, and it removed 3 Trojans.. Firefox isn't messing up anymore, but IE is still out of commision.

Thing is, I had a virus a while back or so, and I brought it in to the shop and had it fixed, and they installed Windows on it... I don't have the disc though.. Out of luck. :thumbsup:

#8 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:08:58 PM

Posted 14 April 2005 - 11:28 AM

Hi Sion. If you had a shop install Windows they have to supply you with the CD or you have an illegal copy of windows. There's not alot that we can do for you. As far as the log you submitted, there's nothing in it to point to any viruses or malware but that is not a normal log. You appear to have a particularly small log which indicates registry problems.

I would go back to whoever installed your Windows and demand the CD and installation keys you purchased.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#9 Sion

Sion
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:58 PM

Posted 14 April 2005 - 08:18 PM

I didn't buy the Windows, see what they did was just reinstall Windows after they wiped my computer. Is that illegal? It's not like it is cracked, they bought the CD..

#10 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:08:58 PM

Posted 14 April 2005 - 09:36 PM

Well, yes it is cracked if you didn't purchase it. If you originally purchased the machine with windows on it then you should have received the XP CD. If you went to someone who just put XP on there for you and didn't give you the CD or the keys for it then you do have an illegal copy of windows on your computer.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#11 Sion

Sion
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:58 PM

Posted 15 April 2005 - 11:27 PM

It's illegal if they purchased it? That's stupid.

#12 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:08:58 PM

Posted 15 April 2005 - 05:21 PM

If they purchased it then they cannot install it on your machine unless they give you the disk and the activation keys that go with it. Pretty simple philosophy. If you paid for it then the shop you went to is breaking the law and should be reported. If you didn't pay for it then you cannot have it loaded on your machine.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#13 Sion

Sion
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:58 PM

Posted 16 April 2005 - 10:56 AM

You need to buy a disc for every computer it is installed on? That's not exactly cheap.

Edited by Sion, 16 April 2005 - 10:57 AM.


#14 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:08:58 PM

Posted 16 April 2005 - 01:34 PM

It may not be cheap but that is the law. You cannot purchase 1 copy of Windows and install it on multiple PC's without purchasing a license for it.

Sorry, that's the way it is.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#15 Sion

Sion
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:58 PM

Posted 16 April 2005 - 11:28 PM

Oh well, well I didn't fix my problem yet. But Firefox is up again, I just downloaded AntiVir and ran a few tests.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users