Hello, I am actually having problems with my Internet Explorer popping up with the "Microsoft Internet Explorer has encountered a problem and must be shut down" message all the time. It took me 6 tries to get in here to post this message. I have done all the updates and even installed the service pack upgrades. Ran Adaware and AVG but I am still having the same problem. Thought that there might be something in my HijackThis log that would help me out, so I am posting it for all of you super smart people to tell me what to erase. I appreciate any help. Thanks, Ryun

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:39:00 PM, on 3/18/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nipalsm.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINNT\System32\lgbpd.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1199482905&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NI-488.2 Getting Started Wizard] C:\Program Files\National Instruments\NI-488.2\Bin\Getting Started.exe
O4 - HKCU\..\Run: [LGBLiveUpdate] C:\WINNT\System32\lgbpd.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUzed004YYUS_ZZzer000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {44A6A9CA-AC5B-4C39-8FE6-17E7D06903A9} (Image Uploader Control) - https://dealers.autotrader.com/dc/media/inc/ImageUploader4.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205522042796
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINNT\system32\nipalsm.exe

--
End of file - 4854 bytes


Hello, ryun.
Delete this file:
C:\WINNT\System32\lgbpd.exe - if it is running just stop it in TM and then try to delete it again.
Good. Uninstall MyWebSearch via Add/Remove pgms.
Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

O4 - HKCU\..\Run: [LGBLiveUpdate] C:\WINNT\System32\lgbpd.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...4YYUS_ZZzer000
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab

Finally: Java update!!! This is for security reasons. Go control panel > java > update, & press update now. Restart after installing the update, and then go into control panel again, add/remove pgms and remove all old versions of java. Vsn 1.6.0.5 is current....
And let's hope that is it. Say how things are...

commented: He is a genius +4
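The triage in the reply above can be reproduced mechanically. This is an added example, not part of the original thread or of HijackThis: it parses the log's `section - detail` entry lines, matches them against indicator substrings, and reports whether a flagged autostart target is also in the running-process list. The indicator substrings and the function names are assumptions chosen for illustration from the three entries the reply names.

```python
import re

# Entry lines have a section code (R0, O4, O16, ...), " - ", then the detail.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Assumption: substrings picked from the three entries the reply asks to fix;
# they are illustrative, not an authoritative blocklist.
INDICATORS = ("lgbpd.exe", "mywebsearch.com", "funwebproducts")

# Lines copied from the HijackThis log posted at the top of this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\System32\lgbpd.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKCU\..\Run: [LGBLiveUpdate] C:\WINNT\System32\lgbpd.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUzed004YYUS_ZZzer000
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""

def parse_entries(log_text):
    """Return (section, detail) for every entry line; header and process list are skipped."""
    matches = (ENTRY_RE.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def running_processes(log_text):
    """Return lower-cased process paths listed before the first entry line."""
    procs = set()
    for line in log_text.splitlines():
        line = line.strip()
        if ENTRY_RE.match(line):
            break
        if re.match(r"^[A-Za-z]:\\", line):
            procs.add(line.lower())
    return procs

def review(log_text, indicators=INDICATORS):
    """Return (section, is_running, detail) for entries matching any indicator."""
    procs = running_processes(log_text)
    report = []
    for section, detail in parse_entries(log_text):
        lowered = detail.lower()
        if any(i in lowered for i in indicators):
            running = any(p in lowered for p in procs)
            report.append((section, running, detail))
    return report
```

A flagged entry whose target is still running needs its process stopped before the file can be deleted, which is the order the reply gives.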

Hello, I have run into two problems. I erased the file you talked about. I could not find the MyWebSearch in the add/remove area, then I erased the HijackThis stuff and went to update Java, and every time it starts the download it pops up a box that says "java(tm) 6 update 5" at the top and the message is "Installer terminated prematurely". I have tried several times and get this message every time. I'm still getting the same Internet Explorer error as well. Thanks, Ryun

Ryun, we need to look a little deeper then. Clean, then try the first, and then if your IE [it must be IE] will allow it, the second scan also.
==Get CCleaner from http://www.ccleaner.com/ - and install it in a new folder. You should keep this one for general use. I set the installation checkboxes only to open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as I suggested, rclicking the bin icon should give you the Open CCleaner option...].
If you have FireFox open the Applications tab and ensure at least that Cookies and Cache are checked.
Select the Cleaner icon, press Run Cleaner.
[For future quick temp file cleaning select the options you wish to use via the Windows and Applications tabs ..]
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.
==Please use IE to do an online scan at panda:- http://www.pandasoftware.com/products/activescan?
-select a link to the scan... free online virus scan...., enter a valid? email and follow through, choosing My Computer for a full system scan.
Post the log it produces here.

It might be my imagination, but things seem to be better already after just running the combo fix? Thanks, Ryun


Here is the combo fix scan

ComboFix 08-03-18.1 - Administrator 03/20/2008 9:53:46.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.84 [GMT -7:00]
Running from: C:\Documents and Settings\Administrator\My Documents\freeware\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\414642843.exe
C:\WINNT\Web\default.htt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NEW_DRV


((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))
.

2008-03-20 09:26 . 08-03-20 09:26 <DIR> d-------- C:\Program Files\CCleaner
2008-03-18 12:15 . 08-03-18 12:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-18 12:13 . 08-03-18 12:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-18 12:13 . 08-03-18 12:13 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-18 10:57 . 08-03-18 12:03 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-03-18 10:49 . 99-11-30 01:33 8,976 --a------ C:\WINNT\system32\kbdjpn.dll
2008-03-18 10:49 . 99-11-30 01:33 8,976 --a--c--- C:\WINNT\system32\dllcache\kbdjpn.dll
2008-03-18 10:49 . 99-11-30 01:33 7,440 --a------ C:\WINNT\system32\kbd106.dll
2008-03-18 10:49 . 99-11-30 01:33 7,440 --a--c--- C:\WINNT\system32\dllcache\kbd106.dll
2008-03-18 10:37 . 08-03-19 14:58 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-03-18 09:38 . 08-03-18 09:38 <DIR> d-------- C:\Program Files\ACW
2008-03-15 09:08 . 08-03-15 09:08 <DIR> d-------- C:\WINNT\Cookies
2008-03-15 05:30 . 07-07-30 19:19 271,224 --a------ C:\WINNT\system32\mucltui.dll
2008-03-15 05:30 . 07-07-30 19:19 30,072 --a------ C:\WINNT\system32\mucltui.dll.mui
2008-03-14 16:00 . 08-03-14 16:00 <DIR> d-------- C:\WINNT\system32\Windows Media
2008-03-14 16:00 . 08-03-15 10:02 <DIR> d-------- C:\WINNT\msiinst.tmp
2008-03-14 16:00 . 08-03-14 16:00 <DIR> d--h-c--- C:\WINNT\$NtUpdateRollupPackUninstall$
2008-03-14 15:58 . 08-03-14 15:58 <DIR> d--h-c--- C:\WINNT\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$
2008-03-14 15:56 . 08-03-14 15:56 <DIR> d-------- C:\WINNT\mui
2008-03-14 15:56 . 08-03-14 15:57 957 --a------ C:\WINNT\setup.inf
2008-03-14 15:56 . 08-03-14 15:57 283 --a------ C:\WINNT\setup.rpt
2008-03-14 15:43 . 06-07-24 22:08 840,976 -----c--- C:\WINNT\system32\dllcache\mmcndmgr.dll
2008-03-14 15:10 . 08-03-14 15:10 <DIR> d-------- C:\WINNT\system32\ie_de
2008-03-14 15:10 . 08-03-14 15:10 <DIR> d-------- C:\WINNT\ServicePackFiles
2008-03-14 15:08 . 06-06-27 01:30 1,427,728 --a------ C:\WINNT\system32\query.dll
2008-03-14 15:07 . 03-06-19 12:05 1,385,744 --a------ C:\WINNT\system32\MSVBVM60.DLL
2008-03-14 15:06 . 03-06-19 12:05 575,517 --a------ C:\WINNT\system32\imejpknl.dll
2008-03-14 15:05 . 05-08-30 02:29 2,532,112 --a------ C:\WINNT\system32\cdosys.dll
2008-03-14 10:02 . 08-03-14 10:02 27,136 --a------ C:\WINNT\9129837.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-20 16:29 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-03-18 19:16 --------- d-----w C:\Program Files\Lavasoft
2008-03-18 19:16 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-01-28 18:05 --------- d-----w C:\Program Files\Picasa2
2005-10-28 13:41 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-04-12 23:15 271 ---h--w C:\Program Files\desktop.ini
2005-04-12 23:15 21,952 ---h--w C:\Program Files\folder.htt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [04-11-22 06:18 307200]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [07-10-23 14:18 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINNT\system32\igfxtray.exe" [05-10-19 06:59 155648]
"HotKeysCmds"="C:\WINNT\system32\hkcmd.exe" [05-10-19 06:59 126976]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [05-11-10 11:03 36975]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [05-11-15 10:12 473928]
"Synchronization Manager"="mobsync.exe" [03-06-19 12:05 111376 C:\WINNT\system32\mobsync.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [07-10-23 14:18 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 12:05 186640]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 02:44:06 29696]

R0 NIPALK;NIPALK;C:\WINNT\system32\drivers\NIPALK.sys [04-11-04 14:57 ]
R0 SONYPVM1;Sony Memory Stick Driver(SONYPVM1);C:\WINNT\system32\DRIVERS\SONYPVM1.SYS [00-05-27 02:37 ]
R2 GpibPrtK;Gpib Port;C:\WINNT\system32\drivers\gpibprtk.sys [06-03-15 15:25 ]
R2 nidimk;nidimk;C:\WINNT\system32\drivers\nidimk.dll [04-03-26 19:23 ]
R2 nipxirmk;nipxirmk;C:\WINNT\system32\drivers\nipxirmk.dll [04-03-15 09:13 ]
R3 niorbk;niorbk;C:\WINNT\system32\drivers\niorbk.dll [04-03-31 16:03 ]
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys [03-06-19 12:05 ]
S3 NiViPxiK;NiViPxiK;C:\WINNT\system32\drivers\NiViPxiK.sys [04-03-30 09:22 ]

*Newly Created Service* - IPNAT
*Newly Created Service* - NIPALK
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 09:57:02
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\nipalsm.exe
.
**************************************************************************
.
Completion time: 2008-03-20 9:58:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-20 16:58:21
.
2008-03-15 17:03:45 --- E O F ---


Here is the active scan info


Incident Status Location

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt
Virus:Trj/Bancos.RQ Not disinfected C:\Documents and Settings\Administrator\My Documents\freeware\ComboFix.exe[327882R2FWJFW\pv.cfexe]

Ryun, those logs look good to me. [the Panda virus detection is okay, it has just picked up a normal file in combofix].
You may delete combofix, its extracted files, C:\qoobox and combofix.txt.
So everything is fine now?

Thanks

Pleased to be able to help, ryun.
Cheers.
