Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected Comp!


  • Please log in to reply
7 replies to this topic

#1 vish

vish

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 16 September 2007 - 04:01 PM

ive got some sort of spyware, dont know what though, am getting lots of popups.
ran scan with s&d and ad aware but nothing detected!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:05:16, on 16/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\WINDOWS\system32\CTsvcCDA.EXE
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Spyware Terminator\sp_rsser.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\Program Files\Microsoft IntelliPoint\point32.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\btbb_wcm\McciTrayApp.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
D:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Documents and Settings\Vishal Patel\Desktop\Utilities\Anti-Virus\hijackthis\HijackThis.exe
D:\Documents and Settings\Vishal Patel\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [type32] "D:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "D:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvMixerTray] D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] D:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] D:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Uninstall_CToolbar] "D:\WINDOWS\Temp\CTun.exe" "/remove"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = D:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O4 - Global Startup: Google Updater.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1146151486658
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146151661497
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 10871 bytes

BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 17 September 2007 - 04:37 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum vish :thumbsup:
My name is Richie and i'll be helping you to fix your problems.

*NOTE*
If you have previously downloaded ComboFix,please delete that version and download it again from below.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.
Posted Image
Posted Image

#3 vish

vish
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 17 September 2007 - 12:27 PM

COMBOFIX:

ComboFix 07-09-17.2 - "Vishal Patel" 2007-09-17 18:24:29.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.738 [GMT 1:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\DOCUME~1\VISHAL~1\APPLIC~1\WNSXS~1
D:\DOCUME~1\VISHAL~1\MYDOCU~1\YMBOLS~1
D:\DOCUME~1\VISHAL~1\MYDOCU~1\YMBOLS~1\?srss.exe
D:\Program Files\racle~1
D:\Program Files\racle~1\mshta.exe
D:\WINDOWS\pack.epk
D:\WINDOWS\system32\mddprwmua.dat
D:\WINDOWS\system32\mddprwmua.exe
D:\WINDOWS\system32\mddprwmua_nav.dat
D:\WINDOWS\system32\mddprwmua_navps.dat
D:\WINDOWS\system32\nvs2.inf
D:\WINDOWS\system32\wnsintit.exe

.
((((((((((((((((((((((((( Files Created from 2007-08-17 to 2007-09-17 )))))))))))))))))))))))))))))))
.

2007-09-17 18:23 51,200 --a------ D:\WINDOWS\NirCmd.exe
2007-09-16 21:30 <DIR> d-------- D:\VundoFix Backups
2007-09-15 15:32 138,624 --a------ D:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-09-15 15:16 <DIR> d-------- D:\Program Files\Spyware Terminator
2007-09-15 15:16 <DIR> d-------- D:\DOCUME~1\VISHAL~1\APPLIC~1\Spyware Terminator
2007-09-15 15:16 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator
2007-09-14 22:18 <DIR> d-------- D:\Program Files\Enigma Software Group
2007-09-13 11:12 76,560 --a------ D:\WINDOWS\system32\drivers\tmcomm.sys
2007-09-13 11:08 <DIR> d-------- D:\DOCUME~1\VISHAL~1\.housecall6.6
2007-09-01 14:51 <DIR> d-------- D:\Program Files\iPod
2007-09-01 14:50 <DIR> d-------- D:\Program Files\iTunes
2007-09-01 14:34 <DIR> d-------- D:\Program Files\Common Files\Apple
2007-09-01 14:34 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-20 12:40 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-20 12:38 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-08-19 12:26 273,920 --a------ D:\WINDOWS\system32\cwlivjeshu.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-15 15:32 --------- d-------- D:\Program Files\ewido anti-malware
2007-09-15 15:31 --------- d-------- D:\Program Files\DAEMON Tools
2007-09-15 15:21 --------- d-------- D:\Program Files\Lavasoft
2007-09-15 15:20 --------- d-------- D:\DOCUME~1\VISHAL~1\APPLIC~1\Lavasoft
2007-09-14 11:49 --------- d--h----- D:\Program Files\InstallShield Installation Information
2007-09-10 17:04 --------- d-------- D:\Program Files\Nikon
2007-09-10 17:03 --------- d-------- D:\Program Files\SopCast
2007-09-10 17:03 --------- d-------- D:\Program Files\Kontiki
2007-09-10 17:02 --------- d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Kontiki
2007-09-03 18:30 --------- d-------- D:\DOCUME~1\VISHAL~1\APPLIC~1\BitTorrent
2007-09-01 14:44 --------- d-------- D:\Program Files\QuickTime
2007-08-31 15:27 --------- d-------- D:\Program Files\MSN Messenger
2007-08-31 15:27 --------- d-------- D:\Program Files\Messenger Plus! Live
2007-08-20 18:59 --------- d-------- D:\Program Files\BitTorrent
2007-08-20 12:51 --------- d-------- D:\DOCUME~1\VISHAL~1\APPLIC~1\Google
2007-08-20 12:40 --------- d-------- D:\Program Files\Google
2007-08-16 15:10 821536 --a------ D:\WINDOWS\system32\drivers\avg7core.sys.~
2007-08-15 16:45 --------- d-------- D:\Program Files\Western Digital Technologies
2007-08-11 13:21 --------- d-------- D:\Program Files\Microsoft Picture It! PhotoPub
2007-07-30 19:19 92504 --a------ D:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ D:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ D:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ D:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ D:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ D:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ D:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ D:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ D:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ D:\WINDOWS\system32\wups.dll
2007-06-26 07:08 1104896 --a------ D:\WINDOWS\system32\msxml3.dll
2007-06-19 14:31 282112 --a------ D:\WINDOWS\system32\gdi32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\System32\NvCpl.dll" [2006-03-09 15:29]
"nwiz"="nwiz.exe" [2006-03-09 15:29 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\System32\NvMcTray.dll" [2006-03-09 15:29]
"type32"="D:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 09:51]
"IntelliPoint"="D:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 09:50]
"NvMixerTray"="D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe" [2004-03-03 14:30]
"Easy-PrintToolBox"="D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-01 21:33]
"RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"btbb_wcm_McciTrayApp"="D:\Program Files\btbb_wcm\McciTrayApp.exe" [2006-11-30 11:51]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Motive SmartBridge"="D:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe" [2006-05-24 14:20]
"AVG7_CC"="D:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-14 11:18]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15]
"SpywareTerminator"="D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-09-15 15:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"MessengerPlus3"="D:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-04-28 16:21]
"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-20 12:38]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

D:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
BT Broadband Desktop Help.lnk - D:\Program Files\BT Broadband Desktop Help\bin\matcli.exe [2007-02-22 22:56:40]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"D:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\D:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R3 iadusb;BT Voyager 205 ADSL Router;D:\WINDOWS\system32\DRIVERS\glauiad.sys
R3 Point32;Microsoft IntelliPoint Filter Driver;D:\WINDOWS\system32\DRIVERS\point32.sys
R3 VBus;Virtual Bus;D:\WINDOWS\system32\DRIVERS\NkVBus.sys
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM);D:\WINDOWS\system32\DRIVERS\ssm_bus.sys
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter;D:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers;D:\WINDOWS\system32\DRIVERS\ssm_mdm.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc6f1ece-ef19-11da-aa93-0011f50b400c}]
AutoRun\command- F:\autorun.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-09-08 13:26:11 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-17 18:28:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-09-17 18:29:22
D:\ComboFix-quarantined-files.txt ... 2007-09-17 18:28
.
--- E O F ---


hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:43, on 17/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\WINDOWS\system32\CTsvcCDA.EXE
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Spyware Terminator\sp_rsser.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\Program Files\Microsoft IntelliPoint\point32.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\btbb_wcm\McciTrayApp.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\WINDOWS\system32\cmd.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Vishal Patel\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [type32] "D:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "D:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvMixerTray] D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] D:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] D:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = D:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O4 - Global Startup: Google Updater.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1146151486658
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146151661497
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 10532 bytes

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 17 September 2007 - 12:44 PM

Download KillBox,unzip/extract it to your desktop.
http://download.bleepingcomputer.com/spyware/KillBox.exe
Start up Killbox and place a check in 'Delete on Reboot'.
In the 'Full path of file to delete' box,copy and paste:
D:\WINDOWS\system32\cwlivjeshu.exe
Then press the red button with the white cross.
It will then provide a window for you to confirm the delete.
Next it will ask if you now wish to reboot,select YES.
Allow it to reboot.
If it does'nt reboot automatically,reboot manually.

Please download Navilog1 by IL-MAFIOSO:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip

* Extract its contents to the desktop.
* Double click on navilog1.exe to install it on your computer.
* When the installation is complete, the tool will start automatically.
* If it doesn't start automatically, please double click on Navilog1 shortcut on your desktop to run it.
* Press E for English from the language Menu.
* Type 1 in the next Menu to select Search and press Enter.
* Wait for the Scan to finish (It may take a reasonable amount of time)
* Press any key as requested .
* A new document will be produced: fixnavi.txt.
* Please copy/paste the contents of this report in your next reply.

The report is also saved in the root of the directory, "%SystemDrive%\fixnavi.txt". (usually C:\fixnavi.txt)

Also post a new Hijackthis log please.
Posted Image
Posted Image

#5 vish

vish
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 17 September 2007 - 04:38 PM

Search Navipromo version 3.0.4 began on 17/09/2007 at 22:26:21.78

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!
Fix running from D:\Program Files\navilog1
Updated on 16.09.2007 at 13h00 by IL-MAFIOSO

Microsoft Windows XP [Version 5.1.2600]
Version Internet Explorer : 7.0.5730.11

Done in normal mode

*** Searching for installed Software ***




*** Search folders in D:\WINDOWS ***



*** Search folders in D:\Program Files ***



*** Search folders in D:\Documents and Settings\All Users\Application Data ***




*** Search folders in D:\Documents and Settings\Vishal Patel\Application Data ***


*** Search with BlackLight Engine/F-secure ***
BlackLight Engine is a product of F-secure, for more info:
http://www.f-secure.com/blacklight/blacklight_help.html


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of October, 2007.
Version information: 2.2.1064.

[+] Started on 09/17/07 at 22:26:23.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items ....................................................................................................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 09/17/07 at 22:40:13 (return code = 0).


*** Search with GenericNaviSearch ***
!!! Possibility of legitims files in the result !!!
!!! To be always checked before manually deleting !!!

* Scan D:\WINDOWS\system32 *

Files found :

No File found !

Suspicious Files :

No Suspicious File found !



*** Search files ***




*** Search registry keys ***



*** Complementary Search ***
(Search specifics files)

1)Search known files:

2)Heuristic Search :






3)Certificates Search :

Certificate Egroup not found !


*** Search completed on 17/09/2007 at 22:40:34.01 ***


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:41:34, on 17/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\WINDOWS\system32\CTsvcCDA.EXE
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Spyware Terminator\sp_rsser.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\Program Files\Microsoft IntelliPoint\point32.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\btbb_wcm\McciTrayApp.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
D:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Documents and Settings\Vishal Patel\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [type32] "D:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "D:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvMixerTray] D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] D:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] D:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = D:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O4 - Global Startup: Google Updater.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1146151486658
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146151661497
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 10604 bytes

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 17 September 2007 - 05:47 PM

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed,exit SuperAntiSpyware.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Exit Hijackthis.

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it,then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad.
Copy and paste the contents of that report into your next reply.

Please download OTMoveIt by OldTimer:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Click on the 'Cleanup' button Posted Image
When the 'Confirm' box appears click 'Yes'.
Restart your pc when prompted.

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window,click on the 'Create a Restore Point' button,then click 'Next'.
In the window that appears,enter a description\name for the Restore Point,then click on 'Create',wait,then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear,click on Ok.
The 'Disk Cleanup for [C:]' box will appear,click on the 'More Options' tab.
At the bottom in the 'System Restore' window,click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?',click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Post a new Hijackthis log,let me know how your pc is running now.

Edited by RichieUK, 17 September 2007 - 05:48 PM.

Posted Image
Posted Image

#7 vish

vish
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 18 September 2007 - 05:21 AM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/18/2007 at 10:49 AM

Application Version : 3.9.1008

Core Rules Database Version : 3308
Trace Rules Database Version: 1314

Scan type : Quick Scan
Total Scan Time : 00:24:16

Memory items scanned : 428
Memory threats detected : 0
Registry items scanned : 793
Registry threats detected : 3
File items scanned : 24536
File threats detected : 24

Adware.Tracking Cookie
D:\Documents and Settings\Vishal Patel\Cookies\vishal_patel@tracking.dc-storm[1].txt
D:\Documents and Settings\Vishal Patel\Cookies\vishal_patel@adtech[2].txt
D:\Documents and Settings\Vishal Patel\Cookies\vishal_patel@revsci[1].txt
D:\Documents and Settings\Vishal Patel\Cookies\vishal_patel@windowsmedia[1].txt
D:\Documents and Settings\Vishal Patel\Cookies\vishal_patel@crackle[1].txt
D:\Documents and Settings\Vishal Patel\Cookies\vishal_patel@hotlog[1].txt
D:\Documents and Settings\Vishal Patel\Cookies\vishal_patel@ad.uk.tangozebra[2].txt
D:\Documents and Settings\Vishal Patel\Cookies\vishal_patel@screensavers[1].txt
D:\Documents and Settings\Vishal Patel\Cookies\vishal_patel@adserver.mediarun[2].txt
D:\Documents and Settings\Vishal Patel\Cookies\vishal_patel@stat.dealtime[2].txt
D:\Documents and Settings\Vishal Patel\Cookies\vishal_patel@rambler[1].txt
D:\Documents and Settings\Vishal Patel\Cookies\vishal_patel@gostats[1].txt
D:\Documents and Settings\Vishal Patel\Cookies\vishal_patel@tribalfusion[1].txt
D:\Documents and Settings\Vishal Patel\Cookies\vishal_patel@atdmt[2].txt
D:\Documents and Settings\Vishal Patel\Cookies\vishal_patel@ad1.emediate[3].txt
D:\Documents and Settings\Vishal Patel\Cookies\vishal_patel@msnportal.112.2o7[1].txt
D:\Documents and Settings\Vishal Patel\Cookies\vishal_patel@serving-sys[2].txt
D:\Documents and Settings\Vishal Patel\Cookies\vishal_patel@www.ppctracking[1].txt
D:\Documents and Settings\Vishal Patel\Cookies\vishal_patel@ads.uknetguide.co[2].txt
D:\Documents and Settings\Vishal Patel\Cookies\vishal_patel@bs.serving-sys[2].txt
D:\Documents and Settings\Vishal Patel\Cookies\vishal_patel@ad.zanox[1].txt
D:\Documents and Settings\Vishal Patel\Cookies\vishal_patel@ad1.clickhype[1].txt

Adware.ClickSpring/Yazzle
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\D:/WINDOWS/Downloaded Program Files/YazzleActiveX.ocx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\D:/WINDOWS/Downloaded Program Files/YazzleActiveX.ocx#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\D:/WINDOWS/Downloaded Program Files/YazzleActiveX.ocx#{74CD40EA-EF77-4BAD-808A-B5982DA73F20}

Adware.ClickSpring-Variant
D:\QOOBOX\QUARANTINE\D\PROGRAM FILES\RACLE~1\MSHTA.EXE.VIR

Trojan.Unknown Origin
D:\QOOBOX\QUARANTINE\D\WINDOWS\SYSTEM32\WNSINTIT.EXE.VIR


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:56, on 18/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\WINDOWS\system32\CTsvcCDA.EXE
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Spyware Terminator\sp_rsser.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\Program Files\Microsoft IntelliPoint\point32.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\btbb_wcm\McciTrayApp.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
D:\Documents and Settings\Vishal Patel\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [type32] "D:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "D:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvMixerTray] D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] D:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] D:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = D:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O4 - Global Startup: Google Updater.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1146151486658
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146151661497
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 10835 bytes

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 18 September 2007 - 05:35 AM

Your log is clean :thumbsup:

If all's ok,please do the following:
Read through the information found here,to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html
Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users