
Please Help With Cid Popups



#1 djdawg

Posted 10 August 2007 - 07:54 AM

OK, I have a CiD popup that's driving me nuts. Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:16 AM, on 8/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache\Apache.exe
c:\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Atomic Clock Sync\Atomic.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [TICK INSIDE TIME WAY] C:\Documents and Settings\All Users\Application Data\2 tray tick inside\16 Deaf.exe
O4 - HKLM\..\Run: [aim intra rect way] C:\Documents and Settings\All Users\Application Data\NOUN HECK WAY 2\Comp inter test.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [creativesoap] C:\DOCUME~1\DONALD~1\APPLIC~1\RECTVI~1\BOREGRID.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1185976909484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1185978103312
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

I also have this one, if it helps:
ComboFix 07-08-10.8 - "donald lincoln" 2007-08-10 8:37:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.483 [GMT -4:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\DONALD~1\Desktop\internet.lnk
C:\WINDOWS\hosts


((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 )))))))))))))))))))))))))))))))


2007-08-10 08:37 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-10 08:21 6,010 --a------ C:\dnsbak.reg
2007-08-10 07:42 401,720 --a------ C:\Program Files\HiJackThis.exe
2007-08-10 02:35 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-08-09 23:59 <DIR> d-------- C:\Program Files\Rectviewfind
2007-08-09 23:59 <DIR> d-------- C:\Program Files\3wPlayer
2007-08-09 23:59 <DIR> d-------- C:\DOCUME~1\DONALD~1\APPLIC~1\Rectviewfind
2007-08-08 08:09 92,160 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2007-08-08 08:09 <DIR> d-------- C:\Program Files\MagicDisc
2007-08-07 21:16 99,176 --a------ C:\WINDOWS\system32\drivers\DRVMCDB.SYS
2007-08-07 21:16 92,920 --a------ C:\WINDOWS\DLA.EXE
2007-08-07 21:16 56,056 --a------ C:\WINDOWS\system32\DLAAPI_W.DLL
2007-08-07 21:16 51,800 --a------ C:\WINDOWS\system32\drivers\DRVNDDM.SYS
2007-08-07 21:16 28,216 --a------ C:\WINDOWS\system32\drivers\DLARTL_M.SYS
2007-08-07 21:16 12,952 --a------ C:\WINDOWS\system32\drivers\DLACDBHM.SYS
2007-08-07 21:16 <DIR> d-------- C:\WINDOWS\system32\DLA
2007-08-07 21:16 <DIR> d-------- C:\Program Files\Roxio
2007-08-07 21:15 <DIR> d-------- C:\Program Files\DivX
2007-08-07 21:15 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2007-08-07 21:08 <DIR> d-------- C:\roxio
2007-08-07 20:42 <DIR> d-------- C:\Program Files\MagicISO
2007-08-07 14:59 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\Gtek
2007-08-07 14:58 <DIR> d-ah----- C:\DOCUME~1\ALLUSE~1\APPLIC~1\GTek
2007-08-07 14:58 <DIR> d--h----- C:\DOCUME~1\DONALD~1\APPLIC~1\GTek
2007-08-07 14:58 <DIR> d-------- C:\Program Files\Linksys EasyLink Advisor
2007-08-07 12:17 <DIR> d-------- C:\Temp
2007-08-07 12:12 <DIR> d-------- C:\DOCUME~1\DONALD~1\APPLIC~1\dvdcss
2007-08-07 03:27 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-08-07 03:27 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-08-07 03:27 <DIR> d-------- C:\Program Files\Xilisoft
2007-08-07 03:27 <DIR> d-------- C:\Program Files\QuickTime
2007-08-06 12:27 <DIR> d-------- C:\DOCUME~1\DONALD~1\APPLIC~1\CyberLink
2007-08-06 12:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-08-06 12:23 505,392 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-08-06 12:23 <DIR> d-------- C:\Program Files\CyberLink
2007-08-06 12:19 <DIR> d-------- C:\Program Files\PowerISO
2007-08-04 23:20 38,912 -ra------ C:\WINDOWS\system32\drivers\P2k.sys
2007-08-04 23:18 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-08-04 23:18 <DIR> d-------- C:\Program Files\GoMyTEAM
2007-08-04 22:45 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2007-08-04 22:45 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2007-08-04 22:38 327,168 --a------ C:\WINDOWS\IsUninst.exe
2007-08-04 22:30 <DIR> d-------- C:\Program Files\PHP
2007-08-04 22:27 <DIR> d-------- C:\Program Files\Apache Group
2007-08-04 22:26 <DIR> d-------- C:\Program Files\Motorola
2007-08-04 22:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-08-04 13:37 <DIR> d-------- C:\Program Files\ICQ6
2007-08-04 13:37 <DIR> d-------- C:\DOCUME~1\DONALD~1\APPLIC~1\ICQ
2007-08-04 13:36 <DIR> d-------- C:\DOCUME~1\DONALD~1\APPLIC~1\InstallShield
2007-08-04 13:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-08-04 13:33 <DIR> d-------- C:\Program Files\Yahoo!
2007-08-03 21:05 <DIR> d-------- C:\DOCUME~1\DONALD~1\APPLIC~1\Move Networks
2007-08-03 20:15 <DIR> d-------- C:\Program Files\NetPumper
2007-08-03 20:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOUN HECK WAY 2
2007-08-03 20:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\2 tray tick inside
2007-08-02 10:48 <DIR> d-------- C:\DOCUME~1\DONALD~1\APPLIC~1\Media Player Classic
2007-08-02 10:46 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-08-02 10:46 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-08-02 10:46 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll
2007-08-02 10:46 564,224 --a------ C:\WINDOWS\system32\x264vfw.dll
2007-08-02 10:46 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2007-08-02 10:46 39,936 --a------ C:\WINDOWS\system32\huffyuv.dll
2007-08-02 10:46 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-08-02 10:46 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-08-02 10:46 217,088 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-08-02 10:46 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-08-02 10:46 163,840 --a------ C:\WINDOWS\system32\unrar.dll
2007-08-02 10:46 144,384 --a------ C:\WINDOWS\system32\Iacenc.dll
2007-08-02 10:46 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-08-02 10:32 <DIR> d-------- C:\DOCUME~1\DONALD~1\APPLIC~1\WinRAR
2007-08-02 10:16 <DIR> d-------- C:\c1mIRC
2007-08-01 23:58 <DIR> d-------- C:\Program Files\SpacialAudio
2007-08-01 23:51 <DIR> d-------- C:\xampp
2007-08-01 23:20 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-00000009-00001102-00000002-80221102}.dat
2007-08-01 23:20 24 --a------ C:\WINDOWS\system32\DVCState-{00000000-00000000-00000009-00001102-00000002-80221102}.dat
2007-08-01 23:12 <DIR> d-------- C:\Program Files\Atomic Clock Sync
2007-08-01 15:25 <DIR> d-------- C:\DOCUME~1\DONALD~1\APPLIC~1\Azureus
2007-08-01 15:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-08-01 15:18 <DIR> d-------- C:\Program Files\Azureus
2007-08-01 15:10 26,680 --a------ C:\WINDOWS\system32\drivers\purendis.sys
2007-08-01 15:10 25,528 --a------ C:\WINDOWS\system32\drivers\pnarp.sys
2007-08-01 15:10 <DIR> d-------- C:\Program Files\Pure Networks
2007-08-01 15:10 <DIR> d-------- C:\Program Files\DIFX
2007-08-01 15:10 <DIR> d-------- C:\Program Files\Common Files\Pure Networks Shared
2007-08-01 15:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pure Networks
2007-08-01 12:57 998,004 --a------ C:\WINDOWS\system32\drivers\ha10kx2k.sys
2007-08-01 12:57 94,208 --a------ C:\WINDOWS\DEVREG.DLL
2007-08-01 12:57 90,112 --------- C:\WINDOWS\Updreg.EXE
2007-08-01 12:57 84,992 --------- C:\WINDOWS\system32\SFCVRT32.DLL
2007-08-01 12:57 837,548 --a------ C:\WINDOWS\system32\drivers\ctaud2k.sys
2007-08-01 12:57 82,432 --------- C:\WINDOWS\system32\CTWFLT32.DLL
2007-08-01 12:57 77,824 --a------ C:\WINDOWS\system32\EAXAC3.DLL
2007-08-01 12:57 65,536 --a--c--- C:\WINDOWS\system32\dllcache\a3d.dll
2007-08-01 12:57 65,536 --a------ C:\WINDOWS\system32\a3d.dll
2007-08-01 12:57 643,072 --a------ C:\WINDOWS\system32\CTSBLFX.DLL
2007-08-01 12:57 61,440 --a------ C:\WINDOWS\system32\CTAGENT.DLL
2007-08-01 12:57 61,440 --a------ C:\WINDOWS\MIDIDEF.EXE
2007-08-01 12:57 54,784 --------- C:\WINDOWS\system32\INETWH32.DLL
2007-08-01 12:57 53,552 --------- C:\WINDOWS\CTCCW.DLL
2007-08-01 12:57 53,248 --a------ C:\WINDOWS\system32\AC3API.DLL


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-10 07:43 6640 --a------ C:\Program Files\hijackthis.log
2007-08-02 23:52 2378 --a------ C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2007-08-02 23:51 8972 --a------ C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
2007-08-01 09:42 --------- d-------- C:\Program Files\Google
2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-06-29 00:43 6807328 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
2007-06-29 00:43 6807328 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-06-29 00:43 5690624 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll
2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll
2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll
2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll
2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2007-06-29 00:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-29 00:43 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-06-29 00:43 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-06-29 00:43 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-06-29 00:43 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-06-29 00:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-06-29 00:43 1142784 --a------ C:\WINDOWS\system32\nvmobls.dll
2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
2007-06-29 00:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-06-29 00:43 1018772 --a------ C:\WINDOWS\system32\nvucode.bin
2007-06-01 08:20 51568 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-05-21 10:03 487424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-05-21 10:03 344064 --a------ C:\WINDOWS\system32\msvcr70.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2007-05-21 10:01]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 16:24]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-07-31 09:00]
"TICK INSIDE TIME WAY"="C:\Documents and Settings\All Users\Application Data\2 tray tick inside\16 Deaf.exe" [2007-08-10 08:25]
"aim intra rect way"="C:\Documents and Settings\All Users\Application Data\NOUN HECK WAY 2\Comp inter test.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2004-02-04 00:09]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-07-16 15:17]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 18:16]
"creativesoap"="C:\DOCUME~1\DONALD~1\APPLIC~1\RECTVI~1\BOREGRID.exe" []

C:\Documents and Settings\donald lincoln\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-08-08 08:09:37]

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
R2 elagopro;GoProto Protocol Driver for LELA;C:\WINDOWS\system32\DRIVERS\elagopro.sys
R2 elaunidr;UniDriver for LELA;C:\WINDOWS\system32\DRIVERS\elaunidr.sys
R2 pnarp;Network Magic Device Discovery Driver;C:\WINDOWS\system32\DRIVERS\pnarp.sys
R2 purendis;Network Magic Wireless Driver;C:\WINDOWS\system32\DRIVERS\purendis.sys
R3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;C:\WINDOWS\system32\Drivers\ubVeo532.sys
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
R3 mcdbus;Driver for MagicISO SCSI Host Controller;C:\WINDOWS\system32\DRIVERS\mcdbus.sys
S2 Apache2.2;Apache2.2;"C:\xampp\apache\bin\apache.exe" -k runservice
S2 spupdsvc;Windows Service Pack Installer update service;C:\WINDOWS\system32\spupdsvc.exe
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\Setup.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- I:\Setup.exe


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-10 08:39:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-10 8:39:56
C:\ComboFix-quarantined-files.txt ... 2007-08-10 08:39

--- E O F ---
--
End of file - 6462 bytes
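The O4 lines in the HijackThis log above are the autostart entries a responder reads first. As an added example (not HijackThis' or BleepingComputer's code), the Python script below parses the O4 lines quoted from the log, resolves the real image behind rundll32 launches and quoted paths, and flags entries whose executable lives in a user-writable profile directory or is a bare filename resolved through the search path. In this log that isolates the three oddly named entries under Application Data. The sample input is copied from the post; the trusted-root and profile-marker lists are assumptions based on the Windows XP directory layout, not a HijackThis feature.

```python
import re

# Constructed sample input: the O4 (autostart) lines from the HijackThis log
# in the post above. The parsing and verdict logic is an added example.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [TICK INSIDE TIME WAY] C:\Documents and Settings\All Users\Application Data\2 tray tick inside\16 Deaf.exe
O4 - HKLM\..\Run: [aim intra rect way] C:\Documents and Settings\All Users\Application Data\NOUN HECK WAY 2\Comp inter test.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [creativesoap] C:\DOCUME~1\DONALD~1\APPLIC~1\RECTVI~1\BOREGRID.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
"""

# "O4 - HKLM\..\Run: [name] command" and "O4 - Startup: name = command"
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - Startup: (?P<name>.+?) = (?P<cmd>.*)$")
# First executable-looking token, quoted or not (unquoted paths may contain spaces)
IMAGE_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|scr|com|bat|cmd))"?(?=[\s,"]|$)',
                      re.IGNORECASE)

# Assumed XP layout: system and program roots are not writable by a plain user,
# profile and temp directories are.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
PROFILE_MARKERS = ("\\documents and settings\\", "\\docume~1\\",
                   "\\application data\\", "\\applic~1\\",
                   "\\local settings\\", "\\temp\\")


def image_path(command):
    """Return the file actually loaded by an autostart command string."""
    cmd = command.strip()
    m = IMAGE_RE.match(cmd)
    if not m:
        return cmd
    path = m.group("path")
    rest = cmd[m.end():].strip()
    # rundll32 is only a host process: the DLL named in its argument is the payload.
    if path.lower().rsplit("\\", 1)[-1] == "rundll32.exe" and rest:
        return image_path(rest)
    return path


def verdict(path):
    """Triage heuristic: where does the image live?"""
    p = path.lower()
    if any(marker in p for marker in PROFILE_MARKERS):
        return "review: runs from a user-writable profile directory"
    if "\\" not in p:
        return "review: bare filename resolved through the search path"
    if p.startswith(TRUSTED_ROOTS):
        return "ok"
    return "review: outside the standard system/program roots"


def triage(log_text):
    """Parse every O4 line and attach the resolved image and a verdict."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if not m:
            continue
        hive = m.groupdict().get("hive") or "Startup"
        image = image_path(m.group("cmd"))
        entries.append({"hive": hive, "name": m.group("name"),
                        "image": image, "verdict": verdict(image)})
    return entries


def needs_review(log_text):
    """Names of the entries a responder should look at first."""
    return [e["name"] for e in triage(log_text) if e["verdict"] != "ok"]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e['hive']:8} {e['name']:22} {e['verdict']}")
        print(f"         {e['image']}")
```

The verdict is a prioritisation aid, not a malware decision: a legitimate program can start from Application Data and a bare filename like `nwiz.exe` is normal for a driver helper in System32, so each flagged entry still needs to be checked against the file's vendor, signature and creation date (the ComboFix "Reg Loading Points" section above adds those timestamps).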

#2 RichieUK
Malware Response Team
Posted 10 August 2007 - 04:42 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum djdawg :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Click on Start>Control Panel>Add/Remove Programs.
Uninstall/remove any of the following programs if listed:
Netpumper
Bitroll
Bitgrabber
Bitdownload
Torrent101
CiD Help / CiD Manager
Download Plugin for Internet Explorer
Search Plugin
WinZix
Zone Media

This is because they are often bundled with the malware you are dealing with.
Don't worry if none of them are present.
If you removed any of them please restart your pc.

******************************

Download NoLop.exe to your desktop.

* First close any other programs you have running as this will require a reboot.
* Double click NoLop.exe to run it.
* Then click the button labelled "Search and Destroy".
* When scanning is finished you will be prompted to reboot only if infected; click 'OK'.
* Now click the "REBOOT" button.
* A message should pop up from NoLop; if not, double click the program again and it will finish.
Post the contents of C:\NoLop.log and a new Hijack This log into your next reply.

If you receive the error that mscomctl.ocx or one of its dependencies is not correctly registered, please download this file to your 'System32' folder and then rerun the program: http://www.boletrice.com/downloads/mscomctl.ocx



