Help...Here's my Hijack This log

#1 Abraxsis (Member, 13 posts)
Hi all. I'd gotten help here before, which totally fixed my problem, but now again I've gotten problems. Not sure if it's the VX2 or what.

I've already got XP SP2 installed, and I've run CWShredder, Spybot, Adaware, MS Antispyware, and AVG Free edition. They all find problems, and say they fixed them, but when I reboot the PC I get swamped with pop-ups. Plus I'm getting words highlighted on all webpages, and when I hover the pointer over them in the IE statusbar it says Sponsored Link.

Here's the HijackThis log, followed by the Find.bat log...

Logfile of HijackThis v1.99.1
Scan saved at 5:10:51 PM, on 4/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\System32\nsh73.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

====================================================

And my Find.bat log

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

Find.bat is running from: C:\temp\Find It NT-2K-XP

------- System Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is EC04-C423

Directory of C:\WINDOWS\System32

04/16/2005 07:28 PM <DIR> dllcache
04/16/2005 01:34 AM 13,560 KGyGaAvL.sys
03/31/2005 08:33 PM 104 01D1BE5E9F.sys
03/11/2005 10:01 AM 12,800 Thumbs.db
01/13/2005 04:05 PM 3,547 hwxcx.log
09/16/2004 03:27 AM 56 5B69E9EBAD.sys
04/15/2004 05:25 AM <DIR> Microsoft
04/15/2004 03:18 AM 6,144 access.ctl
6 File(s) 36,211 bytes
2 Dir(s) 2,013,401,088 bytes free

------- Hidden Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is EC04-C423

Directory of C:\WINDOWS\System32

04/16/2005 07:28 PM <DIR> dllcache
04/16/2005 01:34 AM 13,560 KGyGaAvL.sys
03/31/2005 08:33 PM 104 01D1BE5E9F.sys
03/11/2005 10:01 AM 12,800 Thumbs.db
01/25/2005 10:54 PM <DIR> GroupPolicy
01/13/2005 04:05 PM 3,547 hwxcx.log
09/16/2004 03:27 AM 56 5B69E9EBAD.sys
04/15/2004 03:43 AM 488 WindowsLogon.manifest
04/15/2004 03:43 AM 488 logonui.exe.manifest
04/15/2004 03:43 AM 749 nwc.cpl.manifest
04/15/2004 03:43 AM 749 sapi.cpl.manifest
04/15/2004 03:43 AM 749 cdplayer.exe.manifest
04/15/2004 03:43 AM 749 wuaucpl.cpl.manifest
04/15/2004 03:43 AM 749 ncpa.cpl.manifest
04/15/2004 03:18 AM 6,144 access.ctl
05/11/2001 05:43 PM 397,856 XceedZip.dll
14 File(s) 438,788 bytes
2 Dir(s) 2,013,396,992 bytes free

------------ Files Named "Guard" ---------------

Volume in drive C has no label.
Volume Serial Number is EC04-C423

Directory of C:\WINDOWS\System32


------ Temp Files in System32 Directory ------

Volume in drive C has no label.
Volume Serial Number is EC04-C423

Directory of C:\WINDOWS\System32

08/23/2001 12:00 PM 2,577 CONFIG.TMP
1 File(s) 2,577 bytes
0 Dir(s) 2,013,396,992 bytes free

------------------ User Agent ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"iebar"=""
"SV1"=""


------------- Keys Under Notify -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]


------------- Locate.com Results -------------

C:\WINDOWS\SYSTEM32\
01d1be~1.sys Thu Mar 31 2005 8:33:36p ..SHR 104 0.10 K
kgygaavl.sys Sat Apr 16 2005 1:34:46a A.SH. 13,560 13.24 K
thumbs.db Fri Mar 11 2005 10:01:06a A.SH. 12,800 12.50 K

3 items found: 3 files, 0 directories.
Total of file sizes: 26,464 bytes 25.84 K

-------- Strings.exe Qoologic Results --------


--------- Strings.exe Aspack Results ---------

C:\WINDOWS\system32\ntdll.dll: .aspack

-------------- HKLM Run Key ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"

Edited by Abraxsis, 17 April 2005 - 03:13 PM.

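For anyone reading this thread who wants to triage a log like the one above programmatically rather than by eye, here is an added Python example. It is not part of Abraxsis's post and is not code from HijackThis or from this forum. It assumes the v1.99 line format shown in the log (`O2 - BHO: name - {CLSID} - path`, `O4 - key: [name] command`, and so on); the sample input is a subset of the lines posted above, and the CLSID allowlist is constructed from the recognisable entries in this same log (Google Toolbar, Sun Java console, Windows Messenger) purely as a stand-in for a vetted CLSID database.

```python
"""Parse HijackThis v1.99-style log entries into records and triage them.

Added example written for this thread; not code from HijackThis or the
Geeks to Go forum. The allowlist is constructed from identifiable entries
in the posted log and stands in for a vetted CLSID database.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Sample input: a subset of the log lines posted in this thread (constructed).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\System32\nsh73.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
RUN_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")


@dataclass
class Entry:
    code: str          # HijackThis section code, e.g. "O2"
    kind: str          # "BHO", "Toolbar", "Service", a Run key, ...
    name: str          # display name of the item
    clsid: str = ""    # COM class id when the line carries one
    path: str = ""     # module, command line, or res:// target
    extra: str = ""    # remaining fields (publisher, registry value, ...)


def parse_entry(line):
    """Parse one log line; returns None for headers, blanks and process-list lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    if code.startswith("R"):                      # R* lines: registry key = value
        key, _, value = body.partition(" = ")
        return Entry(code, "registry", key.strip(), extra=value.strip())
    if code == "O4":                              # autostart: key: [name] command
        rm = RUN_RE.match(body)
        if rm:
            return Entry(code, rm.group("key"), rm.group("name"), path=rm.group("cmd"))
    parts = [p.strip() for p in body.split(" - ")]
    kind, _, name = parts[0].partition(": ")
    clsid = next((p for p in parts[1:] if CLSID_RE.match(p)), "")
    rest = [p for p in parts[1:] if p != clsid]
    path = rest[-1] if rest else ""
    return Entry(code, kind, name, clsid, path, " | ".join(rest[:-1]))


def parse_log(text):
    """Parse every recognised entry line of a HijackThis log."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e is not None]


# Constructed allowlist: the entries in this thread that are clearly identifiable.
KNOWN_GOOD_CLSIDS = {
    "{AA58ED58-01DD-4D91-8333-CF10577473F7}",  # Google Toolbar Helper (O2)
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}",  # Google toolbar (O3)
    "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}",  # Sun Java Console (O9)
    "{FB5F1910-F110-11D2-BB9E-00C04F795683}",  # Windows Messenger (O9)
}
BROWSER_HOOK_CODES = {"O2", "O3", "O9"}


def triage(entries):
    """Browser hook entries (BHO, toolbar, IE button) whose CLSID is not allowlisted."""
    return [e for e in entries
            if e.code in BROWSER_HOOK_CODES and e.clsid.upper() not in KNOWN_GOOD_CLSIDS]


def modules_by_path(entries):
    """Group entry codes by the (lower-cased) file or command they reference."""
    groups = defaultdict(list)
    for e in entries:
        if e.path:
            groups[e.path.lower()].append(e.code)
    return dict(groups)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in triage(parsed):
        print(f"review: {e.code} {e.kind} '{e.name}' {e.clsid} -> {e.path}")
    for path, codes in modules_by_path(parsed).items():
        print(f"{path}: {', '.join(codes)}")
```

Run as a script, `triage` leaves only the O2 entry named "ohb" (loaded from System32\nsh73.dll) for manual review, while `modules_by_path` shows that googletoolbar1.dll is referenced from both an O2 and an O3 line, which is the kind of cross-reference an analyst does by hand when reading these logs.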

#2 Abraxsis (Topic Starter)
On the verge of reformatting the HD and doing a fresh XP install because of this; someone please help before I go and do this.


#3 Abraxsis (Topic Starter)
Day 3 now, a little help please. Pretty please with sugar on top?


#4 Abraxsis (Topic Starter)
Still waiting for help, and the problems have escalated. The PC is now freezing up completely, and also shutting itself off and restarting.

Help Please!!!