Coolio's Log

View previous topic View next topic Go down

Solved Coolio's Log

Post by coolio1234 on 14th May 2008, 1:40 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:38:31 PM, on 5/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ACU] C:\Program Files\SMCWUSBT-G EZ Connect TM g 108 Mbps 802.11g Wireless USB 2.0 Adapter\ACU.exe -nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\FRONTI~1\FRONTI~1\app\TANGOM~1.EXE
O4 - HKLM\..\Run: [ErrorSmart] C:\Program Files\ErrorSmart\ErrorSmart.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\FrontierNet\FrontierNet DSL Attendant\app\TangoService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9851 bytes

coolio1234
Beginner
Beginner

Posts Posts : 2
Joined Joined : 2008-05-14
Points Points : 31320
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Coolio's Log

Post by Digitalocksmith on 14th May 2008, 1:54 pm

Hi Coolio1234 and welcome to GP!

Print out or copy this page to Notepad since you will CAN NOT have any of browsers open while you are fixing this and try to follow it as closely as possible taking it STEP by STEP.

Update your Norton Antivirus program,


Download Spybot Search and Destroy install it and UPDATE the program (Don’t run it yet).

[You must be registered and logged in to see this link.]


Download VundoFix.exe to your desktop. Ignore the AntiVirus warnings and download it anyway because you need to run it.... Wait on installation and running.

[You must be registered and logged in to see this link.]

Download CleanUp and install it. Wait on installation and running.

[You must be registered and logged in to see this link.]


Download following program CWSHREDDER. Wait on installation and running
[You must be registered and logged in to see this link.]


Download About:Buster and save it to your desktop. When it has finished downloading, unzip the folder to your desktop as well. You should now be left with an aboutbuster folder on your desktop.Wait on installation and running.

[You must be registered and logged in to see this link.]


I would also recommentd that you download CCleaner. It is a great little program that I use every time I close my browser to get rid of temporary files. I usually just run the cleaner part every time I'm done with the browser.During the install there will be check marks for checking for updates which you should do.....Dont install the toolbars unless you want them so you can uncheck these boxes.
It is a very safe program and it is free.(CCleaner Quick Setup: Go to > Options > Advanced > Uncheck "Only delete files in Windows Temp folders older than 48 hours" as this will help in cleaning malware that may be hiding in your temp files etc)

[You must be registered and logged in to see this link.]

_______________________________________________________________________

Now make sure no OS files are hidden.
To do this:
For XP go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
For Vista go to the Control Panel->Appearance and Personalization
Under the Folder Options, click Show Hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.
You may change the above options back after your log is clean.


Turn off system restore.

Steps to turn off System Restore for XP
1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab.
3. Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.
4. Click OK.
5. When you receive the following message, click Yes to confirm that you want to turn off System Restore:
You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
After a few moments, the System Properties dialog box closes.

Steps to turn off System Restore for Vista:
1. Control Panel -> System Maintenance -> Back Up and Restore Center
2. On the right column, click on "create a restore point or change settings" (this requires administrator's password if set)
3. Uncheck all drives.
4. Click OK.
5. When you receive the following message, click Yes to confirm that you want to turn off System Restore:
You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
After a few moments, the System Properties dialog box closes.


Do all steps below in safe mode except for at the end when you generate a new HiJackThis log


Next, please reboot your computer in Safe Mode by doing the following:

1) Restart your computer

2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (Repeatedly).

3) Instead of Windows loading as normal, a menu should appear

4) Use the up arrow key to highlight Safe Mode and press Enter.


Open HiJackThis and do a scan.
Place checks next to the following entries in the code below and close all browsers and other windows except for HijackThis, and click "Fix Checked".
Code:
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe 



Run your Norton Antivirus and do a full scan.....Remember this is all in safe mode.


Run Spybot Search and Destroy and do a full scan remember this is all in safe mode.


Open Cleanup by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:

*Click "Options..."

*Move the arrow down to "Custom CleanUp!"

*Only Check the following for now:

-Empty Recycle Bins

-Delete Cookies

-Delete Prefetch Files

-Clean up All Users

*Uncheck the following:

-Delete Newsgroup cache

-Delete Newsgroup Subscriptions

*Press the Temporary Files Tab and check.

-Scan drives for files matching

Click OK

Press the CleanUp button to start the program. Reboot/logoff when prompted.

Note: CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup or MOVE THEM out of the Temp folder before running CleanUp
If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility.


Install and run CWSHREDDER

Close all browser windows, open cwshredder.exe then click "Fix" and let it run.


Double-click on the AbouBuster.exe icon.

Click Begin scan. Close when completed.

It is advised that you run the AboutBuster twice in a row to make sure you get all the infections.

_____________________________________________________________

NOTE For AboutBuster: If you recieve the error"Run-time error '339': Component 'comctl32.ocx' or one of its dependencies not correctly registered: a file is missing or invalid".

Download and run this file [You must be registered and logged in to see this link.]

_____________________________________________________________



Double-click VundoFix.exe to run it(Do this a few times until nothing shows up)


Then install CCleaner but note it installs the Yahoo Toolbar as an option which IS check marked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option.

Before first use, select Options > Advanced and UNCHECK 'Only delete files in Windows Temp folder older than 48 hours'

Then select the items you wish to clean up.


In the Windows Tab:


* Clean all entries in the "Internet Explorer" section except Cookies.

* Clean all the entries in the "Windows Explorer" section.

* Clean all entries in the "System" section.

* Clean all entries in the "Advanced" section.

* Clean any others that you choose.


In the Applications Tab:


* Clean all except cookies in the Firefox/Mozilla section if you use it.

* Clean all in the Opera section if you use it.

* Clean Sun Java in the Internet Section.

* Clean any others that you choose.
Click the "Run Cleaner" button.

A pop-up box will appear advising this process will permanently delete files from your system.

Click "OK" and it will scan and clean your system.

Click the "Issues" button.

Click the "Scan For Issues" button.

Click the "Fix Selected Issues" button.

Click the "Fix All Selected Issues" button.

Click "OK"

Click "Close" when done.


REBOOT in normal mode and turn on System Restore.


Steps to turn on System Restore For XP:

1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab.
3. Click to clear the Turn off System Restore check box. Or, click the Turn off System Restore on all drives check box.
4. Click OK.

After a few moments, the System Properties dialog box closes.

To create a new restore point, click on Start – All Programs – Accessories – System Tools and then select System Restore.

In the System Restore wizard, select Create a restore point and click the Next button.

Type a name for your new restore point then click on Create.

To create a Restore point for Vista:

1.Control Panel – System Maintenance – Back Up and Restore Center. On the right column, click on "Create A Restore Point Or Change Settings" (This requires Administrator's password if set.) Put a check on the drive your OS is on. Then click on the Create button. Type in a name and then click OK.


Do another scan with HiJackThis.exe in normal windows mode and post your new log file here for final verification. Make sure it is a new log file.

Also let us know how the systems overall condition is now.



Digitalocksmith
Leader
Leader

Posts Posts : 625
Joined Joined : 2007-12-22
Gender Gender : Male
OS OS : Windows 7 Ultimate x64 beta 1 (build 7048) - Testing Bluewhite64 Linux 12.2
Points Points : 48961
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Coolio's Log

Post by Doctor Inferno on 14th May 2008, 1:58 pm

These are startup entries. It is optional if you want to remove them as they are not needed:

Code:
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

Are you also having any problems with your computer?


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Posts Posts : 11976
Joined Joined : 2007-12-26
Gender Gender : Male
OS OS : Windows 7 Home Premium and Ultimate X64
Protection Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points Points : 104640
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Coolio's Log

Post by coolio1234 on 15th May 2008, 1:13 pm

thank you Doctor Inferno & Digital

coolio1234
Beginner
Beginner

Posts Posts : 2
Joined Joined : 2008-05-14
Points Points : 31320
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Coolio's Log

Post by Doctor Inferno on 15th May 2008, 2:20 pm

This topic has been addressed. It will now be closed.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Posts Posts : 11976
Joined Joined : 2007-12-26
Gender Gender : Male
OS OS : Windows 7 Home Premium and Ultimate X64
Protection Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points Points : 104640
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum