Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

NNC.MGRS

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

NNC.MGRS

Unread postby JacobsCreek » January 21st, 2009, 9:50 pm

This trojan has somehow attached itself to my browser and when I surf it tries to start a link ( if allowed it goes berserk and connects to numerous internet providers around the world), Spybot detects it and I disallow acceptance but it is an on-going problem. In 2 days it used up 25% of my download allowance ( 1 gig ) and I was not aware of it because it does it even when you are not on the internet. Here is my hyjackthis and unistall list.

Logfile of HijackThis v1.99.1
Scan saved at 11:32:38 AM, on 21/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\NetInternals\CostAware\niIPCApp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinDates\WinDates.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\HardCopy Pro\HardCopy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CostAware] C:\Program Files\NetInternals\CostAware\niIPCApp.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: WinDates.lnk = C:\Program Files\WinDates\WinDates.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\expsrv32.dll
O20 - Winlogon Notify: 7486d8b4517 - C:\WINDOWS\System32\expsrv32.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: RIP Listener (Iprip) - Apple Inc. - (no file)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Acrobat.com
Acrobat.com
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop 7.0
Adobe Reader 9
Adobe® Photoshop® Album Starter Edition 3.0
Alt-Tab Task Switcher Powertoy for Windows XP
Apple Mobile Device Support
Apple Software Update
Battlefield 1942
Battlefield 1942: The Road To Rome
Brightness Controller
Calculator Powertoy for Windows XP
cam2pc (remove only)
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
ClearType Tuning Control Panel Applet
CloneCD
CmdHere Powertoy For Windows XP
C-Media WDM Audio Driver
CodeStuff Starter
Conexant USB Network Adapter
CopyProfile
CoreVorbis Audio Decoder (remove only)
CostAware 1.1 Revision 3
Crescendo for Internet Explorer
Desktop George
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
e-tax 2008
Excite Chat
Genius NetScroll + Series Mouse
Google Earth
Google Toolbar for Internet Explorer
Gyula's Navigator 1.28a
HardCopy Pro V1.5
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Home Media Server 4.0.0.0072
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Driver Diagnostics
hp instant support
HP Photo and Imaging 1.1 - Photosmart Cameras
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 2200 series
hp psc 2200 series
HTML Slideshow Powertoy for Windows XP
IconForge version 4.92
ICQ
Image Resizer Powertoy for Windows XP
iPod for Windows 2005-03-23
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_04
Java 2 Runtime Environment, SE v1.4.2_06
Java(TM) 6 Update 11
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
L&H TTS3000 British English
LG Internetkit
LG SyncManager
LimeWire 4.18.8
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Lizardtech DjVu Control
LoanZipper version 1.0.2
MacChat Version 200
Macromedia Extension Manager
Macromedia Shockwave Player
Magnifier Powertoy for Windows XP
Malwarebytes' Anti-Malware
Medal of Honor Allied Assault
Media Library Management Wizard
MediaFACE 4.0
MediaFACE 4.0 Business Image Library
MediaFACE 4.0 General Image Library
MediaFACE 4.0 Lifestyle Image Library
MediaFACE 4.0 Music Image Library
MediaFACE 4.0 Special Occasion Image Library
MediaFACE 4.0 Spiritual Image Library
Messenger Plus!
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Encarta Reference Library - WE 2002
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Professional with FrontPage
Microsoft Producer
Microsoft Publisher 2002
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
MSN
MSN Messenger 7.5
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Natural Selection
Nero
NetComm NB1300 USB Network Adapter
Next Generation Visualisations
Nokia Connectivity Cable Driver
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia Lifeblog 2.1
Nokia MTP driver
Nokia PC Suite
Nokia PC Suite
Nokia Software Launcher
Nokia Software Updater
Norton SystemWorks 2003
Norton WMI Update
NVIDIA Drivers
OtsTurntables Free 1.00.012
Paint Shop Pro 7 Anniversary Edition
Palace Uninstall
Patchworx2
PC Connectivity Solution
PCI SoftV92 Modem
Personal License Update Wizard for Windows Media Player
Picasa
Plus! MP3 Audio Converter LE
POD-Bot 2.5
PowerDVD
QuickTime
Readiris 7.5
Realtek AC'97 Audio
RegistryFix v5.0
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Shockwave
Simpli Software's Places Utility v1.0
Simply Budgets 1st Steps
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
Slideshow Generator Powertoy for Windows XP
SmartCam
SmartCamera Ver 2.1
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Stickies 5.2b
Studio
Swish 1.52
SyncToy
The Specialists Beta 1.5
Timershot Powertoy for Windows XP
Trellian Button Factory
Tweakui Powertoy for Windows XP
Tweak-XP
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Virtual Desktop Manager Powertoy for Windows XP
Virtual Places
WinDates
Windows Defender
Windows Defender Signatures
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Genuine Advantage v1.3.0254.0
Windows Live Messenger
Windows Media Bonus Pack for Windows XP
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Service Pack 3
WinZip
Xfire (remove only)
xp-AntiSpy (remove only)
Yahoo! extras
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
JacobsCreek
Active Member
 
Posts: 5
Joined: January 21st, 2009, 5:40 am
Advertisement
Register to Remove

Re: NNC.MGRS

Unread postby JacobsCreek » January 22nd, 2009, 11:01 pm

HELP - my internet usage has now jumped to 60% ( 2.4 gigs ) ,up from 30% yesterday with very little surfing ?????
JacobsCreek
Active Member
 
Posts: 5
Joined: January 21st, 2009, 5:40 am

Re: NNC.MGRS

Unread postby NonSuch » January 23rd, 2009, 11:05 pm

We're sorry, but your topic has been closed.

We're sorry, but due to "bumping" your topic it is highly unlikely that you would have received a response. Our helpers are looking for topics with zero responses. When you post replies to your own topic, it no longer has zero responses, and so it appears that you have received help when in fact, you have not.

If you still require help, please open a new thread in the Malware Removal forum and wait for assistance. DO NOT reply to your own topic until you have received a response from a helper. Be patient. There are others who have been waiting far longer than you, so do not expect an immediate reply. If your situation is emergent and you require immediate help, then we suggest you take your computer to a trusted local shop where they may be able to begin work on it much sooner than any of the volunteer-supported free sites such as this one.

Thank you for your cooperation.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 509 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware