Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

NNC.MGRS

Post by JacobsCreek » January 24th, 2009, 2:16 am

This trojan has somehow attached itself to my browser, and when I surf it tries to start a link (if allowed, it goes berserk and connects to numerous internet providers around the world). Spybot detects it and I disallow acceptance, but it is an ongoing problem. It is eating up my internet usage even when I am not on the internet. Here is my HijackThis and uninstall list.

Logfile of HijackThis v1.99.1
Scan saved at 11:32:38 AM, on 21/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\NetInternals\CostAware\niIPCApp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinDates\WinDates.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\HardCopy Pro\HardCopy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CostAware] C:\Program Files\NetInternals\CostAware\niIPCApp.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: WinDates.lnk = C:\Program Files\WinDates\WinDates.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\expsrv32.dll
O20 - Winlogon Notify: 7486d8b4517 - C:\WINDOWS\System32\expsrv32.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: RIP Listener (Iprip) - Apple Inc. - (no file)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Acrobat.com
Acrobat.com
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop 7.0
Adobe Reader 9
Adobe® Photoshop® Album Starter Edition 3.0
Alt-Tab Task Switcher Powertoy for Windows XP
Apple Mobile Device Support
Apple Software Update
Battlefield 1942
Battlefield 1942: The Road To Rome
Brightness Controller
Calculator Powertoy for Windows XP
cam2pc (remove only)
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
ClearType Tuning Control Panel Applet
CloneCD
CmdHere Powertoy For Windows XP
C-Media WDM Audio Driver
CodeStuff Starter
Conexant USB Network Adapter
CopyProfile
CoreVorbis Audio Decoder (remove only)
CostAware 1.1 Revision 3
Crescendo for Internet Explorer
Desktop George
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
e-tax 2008
Excite Chat
Genius NetScroll + Series Mouse
Google Earth
Google Toolbar for Internet Explorer
Gyula's Navigator 1.28a
HardCopy Pro V1.5
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Home Media Server 4.0.0.0072
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Driver Diagnostics
hp instant support
HP Photo and Imaging 1.1 - Photosmart Cameras
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 2200 series
hp psc 2200 series
HTML Slideshow Powertoy for Windows XP
IconForge version 4.92
ICQ
Image Resizer Powertoy for Windows XP
iPod for Windows 2005-03-23
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_04
Java 2 Runtime Environment, SE v1.4.2_06
Java(TM) 6 Update 11
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
L&H TTS3000 British English
LG Internetkit
LG SyncManager
LimeWire 4.18.8
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Lizardtech DjVu Control
LoanZipper version 1.0.2
MacChat Version 200
Macromedia Extension Manager
Macromedia Shockwave Player
Magnifier Powertoy for Windows XP
Malwarebytes' Anti-Malware
Medal of Honor Allied Assault
Media Library Management Wizard
MediaFACE 4.0
MediaFACE 4.0 Business Image Library
MediaFACE 4.0 General Image Library
MediaFACE 4.0 Lifestyle Image Library
MediaFACE 4.0 Music Image Library
MediaFACE 4.0 Special Occasion Image Library
MediaFACE 4.0 Spiritual Image Library
Messenger Plus!
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Encarta Reference Library - WE 2002
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Professional with FrontPage
Microsoft Producer
Microsoft Publisher 2002
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
MSN
MSN Messenger 7.5
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Natural Selection
Nero
NetComm NB1300 USB Network Adapter
Next Generation Visualisations
Nokia Connectivity Cable Driver
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia Lifeblog 2.1
Nokia MTP driver
Nokia PC Suite
Nokia PC Suite
Nokia Software Launcher
Nokia Software Updater
Norton SystemWorks 2003
Norton WMI Update
NVIDIA Drivers
OtsTurntables Free 1.00.012
Paint Shop Pro 7 Anniversary Edition
Palace Uninstall
Patchworx2
PC Connectivity Solution
PCI SoftV92 Modem
Personal License Update Wizard for Windows Media Player
Picasa
Plus! MP3 Audio Converter LE
POD-Bot 2.5
PowerDVD
QuickTime
Readiris 7.5
Realtek AC'97 Audio
RegistryFix v5.0
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Shockwave
Simpli Software's Places Utility v1.0
Simply Budgets 1st Steps
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
Slideshow Generator Powertoy for Windows XP
SmartCam
SmartCamera Ver 2.1
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Stickies 5.2b
Studio
Swish 1.52
SyncToy
The Specialists Beta 1.5
Timershot Powertoy for Windows XP
Trellian Button Factory
Tweakui Powertoy for Windows XP
Tweak-XP
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Virtual Desktop Manager Powertoy for Windows XP
Virtual Places
WinDates
Windows Defender
Windows Defender Signatures
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Genuine Advantage v1.3.0254.0
Windows Live Messenger
Windows Media Bonus Pack for Windows XP
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Service Pack 3
WinZip
Xfire (remove only)
xp-AntiSpy (remove only)
Yahoo! extras
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
JacobsCreek
Active Member
 
Posts: 5
Joined: January 21st, 2009, 5:40 am

Re: NNC.MGRS

Post by Rodav » February 2nd, 2009, 6:16 pm

I'm sorry we couldn't help you sooner but as you can see the forums are extremely busy and our volunteer helpers are at full capacity. I'm subscribed to this topic now and will help you with any malware issues you may have, if you still need any assistance.

As it has been a while since you posted last and changes may have been made to your system please run HijackThis again and post a new log in your next reply along with a brief description of how your computer is running.
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: NNC.MGRS

Post by JacobsCreek » February 3rd, 2009, 4:40 pm

I have updated my Norton products since the last scans. My virus definition updates were 12 months old. Norton located a number of trojans and I managed to deal with them. I also updated Malwarebytes, which found some more trojans, which it removed. So far there seems to be no activity after I have left the internet. Spybot is no longer saying that NNC.MGRS is present, and I have not noticed inappropriate links trying to force their way onto my screen. I would still appreciate some suggestions to clean up some of my entries that may cause problems or are no longer necessary, thanks.

Logfile of HijackThis v1.99.1
Scan saved at 5:26:09 AM, on 4/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\PROGRA~1\Norton SystemWorks Premier Edition\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetInternals\CostAware\niIPCApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Norton SystemWorks Premier Edition\NswUiTray.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\WinDates\WinDates.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL
O4 - HKLM\..\Run: [CostAware] C:\Program Files\NetInternals\CostAware\niIPCApp.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks Premier Edition\osCheck.exe"
O4 - HKLM\..\Run: [NswUiTray] C:\Program Files\Norton SystemWorks Premier Edition\NswUiTray.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingC8780] cmd /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [HardCopy Pro] C:\Program Files\HardCopy Pro\HardCopy Pro.exe -m
O4 - HKCU\..\RunOnce: [SpybotDeletingB9269] command /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4755] cmd /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - Global Startup: WinDates.lnk = C:\Program Files\WinDates\WinDates.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: RIP Listener (Iprip) - Apple Inc. - (no file)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Norton AntiVirus - Unknown owner - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe" /s "Norton AntiVirus" /m "C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\diMaster.dll" /prefetch:1 (file missing)
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\Norton SystemWorks Premier Edition\Norton Utilities\NPROTECT.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\Norton SystemWorks Premier Edition\Norton Utilities\Speed Disk\NOPDB.EXE

Acrobat.com
Acrobat.com
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop 7.0
Adobe Reader 9
Adobe® Photoshop® Album Starter Edition 3.0
Alt-Tab Task Switcher Powertoy for Windows XP
Apple Mobile Device Support
Apple Software Update
Battlefield 1942
Battlefield 1942: The Road To Rome
Brightness Controller
Calculator Powertoy for Windows XP
cam2pc (remove only)
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CheckIt Diagnostics
ClearType Tuning Control Panel Applet
CloneCD
CmdHere Powertoy For Windows XP
C-Media WDM Audio Driver
CodeStuff Starter
Conexant USB Network Adapter
Connection Keep Alive
CopyProfile
CoreVorbis Audio Decoder (remove only)
CostAware 1.1 Revision 3
Crescendo for Internet Explorer
Desktop George
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
e-tax 2008
Excite Chat
Genius NetScroll + Series Mouse
Google Earth
Google Toolbar for Internet Explorer
Gyula's Navigator 1.28a
HardCopy Pro V1.5
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Home Media Server 4.0.0.0072
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Driver Diagnostics
hp instant support
HP Photo and Imaging 1.1 - Photosmart Cameras
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 2200 series
hp psc 2200 series
HTML Slideshow Powertoy for Windows XP
IconForge version 4.92
ICQ
Image Resizer Powertoy for Windows XP
iPod for Windows 2005-03-23
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_04
Java 2 Runtime Environment, SE v1.4.2_06
Java(TM) 6 Update 11
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
L&H TTS3000 British English
LG Internetkit
LG SyncManager
LimeWire 4.18.8
LiveReg (Symantec Corporation)
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
Lizardtech DjVu Control
LoanZipper version 1.0.2
MacChat Version 200
Macromedia Extension Manager
Macromedia Shockwave Player
Magnifier Powertoy for Windows XP
Malwarebytes' Anti-Malware
Medal of Honor Allied Assault
Media Library Management Wizard
MediaFACE 4.0
MediaFACE 4.0 Business Image Library
MediaFACE 4.0 General Image Library
MediaFACE 4.0 Lifestyle Image Library
MediaFACE 4.0 Music Image Library
MediaFACE 4.0 Special Occasion Image Library
MediaFACE 4.0 Spiritual Image Library
Messenger Plus!
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Encarta Reference Library - WE 2002
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Professional with FrontPage
Microsoft Producer
Microsoft Publisher 2002
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
MSN
MSN Messenger 7.5
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Natural Selection
Nero
NetComm NB1300 USB Network Adapter
Next Generation Visualisations
Nokia Connectivity Cable Driver
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia Lifeblog 2.1
Nokia MTP driver
Nokia PC Suite
Nokia PC Suite
Nokia Software Launcher
Nokia Software Updater
Norton AntiVirus
Norton Cleanup
Norton Save and Restore
Norton SystemWorks (Symantec Corporation)
Norton SystemWorks Premier Edition
Norton Utilities
NVIDIA Drivers
OtsTurntables Free 1.00.012
Paint Shop Pro 7 Anniversary Edition
Palace Uninstall
Patchworx2
PC Connectivity Solution
PCI SoftV92 Modem
PerformanceTest
Personal License Update Wizard for Windows Media Player
Picasa
Plus! MP3 Audio Converter LE
POD-Bot 2.5
PowerDVD
QuickTime
Readiris 7.5
Realtek AC'97 Audio
RunAlyzer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Shockwave
Simpli Software's Places Utility v1.0
Simply Budgets 1st Steps
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
Slideshow Generator Powertoy for Windows XP
SmartCam
SmartCamera Ver 2.1
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Stickies 5.2b
Studio
Swish 1.52
SyncToy
The Specialists Beta 1.5
Timershot Powertoy for Windows XP
Trellian Button Factory
Tweakui Powertoy for Windows XP
Tweak-XP
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Virtual Desktop Manager Powertoy for Windows XP
Virtual Places
WinDates
Windows Defender
Windows Defender Signatures
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Genuine Advantage v1.3.0254.0
Windows Live Messenger
Windows Media Bonus Pack for Windows XP
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Service Pack 3
WinZip
Xfire (remove only)
xp-AntiSpy (remove only)
Yahoo! extras
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar

Re: NNC.MGRS

Post by Rodav » February 3rd, 2009, 5:02 pm

With reference to Malware Removal's P2P Programs Policy, please uninstall the following programs before we continue:

  1. Click on Start > Control Panel and double click on Add/Remove Programs.
  2. Locate LimeWire 4.18.8 and click on the Change/Remove button to uninstall it.
  3. Repeat for any other peer-to-peer program.
  4. Close Add/Remove Programs and Control Panel when done and restart your computer.


Step 1:
Download DDS to your desktop from one of the links below:

Link1
Link2
Link3
  • Double click the tool to run it.
  • A black screen will open; just read the contents and do nothing.
  • When the tool finishes, it will open 2 reports.
  • Copy/paste both reports back here and remove DDS from your desktop.

Re: NNC.MGRS

Post by JacobsCreek » February 4th, 2009, 6:00 am

DDS (Ver_09-02-01.01) - NTFSx86
Run by Computer 1 at 18:39:04.26 on Wed 04/02/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1023.450 [GMT 9:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\PROGRA~1\Norton SystemWorks Premier Edition\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetInternals\CostAware\niIPCApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Norton SystemWorks Premier Edition\NswUiTray.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\WinDates\WinDates.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\devldr32.exe
C:\Documents and Settings\Computer 1\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Microsoft Internet Explorer
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.google.com/ie
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.2.0.7\IPSBHO.DLL
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
EB: Encarta &Researcher: {9455301c-cf6b-11d3-a266-00c04f689c50} - c:\program files\common files\microsoft shared\encarta researcher\EROProj.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [HardCopy Pro] c:\program files\hardcopy pro\HardCopy Pro.exe -m
uRunOnce: [SpybotDeletingB9269] command /c del "c:\windows\SchedLgU.Txt"
uRunOnce: [SpybotDeletingD4755] cmd /c del "c:\windows\SchedLgU.Txt"
mRun: [CostAware] c:\program files\netinternals\costaware\niIPCApp.exe
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [NSWosCheck] "c:\program files\norton systemworks premier edition\osCheck.exe"
mRun: [NswUiTray] c:\program files\norton systemworks premier edition\NswUiTray.exe
mRunOnce: [SpybotDeletingC8780] cmd /c del "c:\windows\SchedLgU.Txt"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
mExplorerRun: [none] c:\program files\video activex object\pmsngr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\windates.lnk - c:\program files\windates\WinDates.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks premier edition\norton cleanup\WCQuick.lnk
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: xfire_lsp_9028.dll
Trusted Zone: aol.com\free
Trusted Zone: lavasoft.de\www
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/Shar ... /cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/sh ... rashim.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/fl ... wflash.cab
Handler: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - c:\program files\common files\microsoft shared\encarta researcher\msero.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\windows defender\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1002000.007\SymEFA.sys [2009-1-31 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1002000.007\BHDrvx86.sys [2009-1-31 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1002000.007\cchpx86.sys [2009-1-31 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090129.005\IDSxpx86.sys [2009-1-30 276344]
R1 prcmondrv;prcmondrv;c:\windows\system32\drivers\prcmondrv1041.sys [2009-2-1 18432]
R2 ETDrv;ETDrv;c:\windows\system32\drivers\ETDrv.sys [2003-5-29 39880]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.2.0.7\ccSvcHst.exe [2009-1-31 115560]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\norton systemworks premier edition\norton utilities\NPROTECT.EXE [2008-9-25 95600]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-1-31 99376]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090203.024\NAVENG.SYS [2009-2-4 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090203.024\NAVEX15.SYS [2009-2-4 876112]
S2 Iprip;RIP Listener; [x]
S2 PPCLASS;PPCLASS;c:\windows\system32\drivers\ppclass.sys [2002-10-6 85868]
S2 PPSCAN;PPSCAN;c:\windows\system32\drivers\ppscan.sys [2002-10-6 115136]
S3 4CamMingJong;SmartCam;c:\windows\system32\drivers\SNPCHV71.SYS [2003-4-24 230938]
S3 USTOR;U-Storage Controller;c:\windows\system32\drivers\UStork.sys [2005-12-26 20218]
S4 Norton Save and Restore;Norton Save and Restore;c:\program files\norton save and restore\agent\VProSvc.exe [2008-9-29 3425632]

============== File Associations ===============

regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-02-01 17:26 18,432 a------- c:\windows\system32\drivers\prcmondrv1041.sys
2009-01-31 09:36 36,272 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-01-31 09:31 <DIR> --d----- c:\windows\system32\drivers\NAV
2009-01-31 09:08 2,414,360 a------- c:\windows\system32\d3dx9_31.dll
2009-01-30 21:39 <DIR> --d----- c:\program files\PerformanceTest
2009-01-30 21:38 <DIR> --d----- c:\program files\Smith Micro
2009-01-30 21:37 128,104 a------- c:\windows\system32\drivers\WimFltr.sys
2009-01-30 21:37 14,072 a------- c:\windows\system32\drivers\vproeventmonitor.sys
2009-01-30 21:37 37,864 a------- c:\windows\system32\drivers\v2imount.sys
2009-01-30 21:37 138,080 a------- c:\windows\system32\drivers\symsnap.sys
2009-01-30 21:36 <DIR> --d----- c:\program files\Norton Save and Restore
2009-01-30 21:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCSettings
2009-01-30 21:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-01-30 21:26 <DIR> --d----- c:\program files\NortonInstaller
2009-01-30 21:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-01-30 21:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonSystemWorks
2009-01-30 21:24 <DIR> --d----- c:\program files\Norton SystemWorks Premier Edition
2009-01-30 21:24 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-30 21:24 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-01-26 13:13 <DIR> --d----- c:\program files\Safer Networking
2009-01-22 06:14 <DIR> --dsh--- c:\windows\system32\GroupPolicyManifest
2009-01-20 19:18 <DIR> --d----- c:\docume~1\comput~1\applic~1\Malwarebytes
2009-01-20 19:18 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-20 19:18 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-20 19:18 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-20 19:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-20 07:48 0 a------- c:\windows\system32\C8.tmp
2009-01-18 21:18 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-16 03:41 6,565 a------- c:\windows\GnuHashes.ini
2009-01-16 03:34 1,485 a--sh--- c:\windows\system32\GroupPolicy000.dat

==================== Find3M ====================

2009-01-31 09:36 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-31 09:36 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2008-12-11 19:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-03-10 16:50 160,416 a------- c:\docume~1\comput~1\applic~1\GDIPFONTCACHEV1.DAT
2006-12-06 07:08 337 a------- c:\docume~1\comput~1\applic~1\internaldb1942.dat
2005-10-02 20:53 5,632 a--sh--- c:\program files\Thumbs.db
2005-04-07 23:00 32 a--sh--- c:\windows\{6313D7C5-D8AF-4867-B446-54DC3C3EBB25}.dat
2005-04-07 23:00 32 a--sh--- c:\windows\system32\{B485FACF-8F5D-411B-BB90-DCF6ABE88B19}.dat
2008-06-23 06:39 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008062320080624\index.dat

============= FINISH: 18:39:55.59 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/03/2006 7:06:41 PM
System Uptime: 2/01/2009 7:56:13 PM (791 hours ago)

Motherboard: ASUSTeK Computer INC. | | P4S800-MX SE
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Socket 478 | 2394/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 39 GiB total, 12.639 GiB free.
D: is FIXED (NTFS) - 38 GiB total, 22.368 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: SiS 900-Based PCI Fast Ethernet Adapter
Device ID: PCI\VEN_1039&DEV_0900&SUBSYS_810E1043&REV_90\3&267A616A&0&20
Manufacturer: SiS
Name: SiS 900-Based PCI Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1039&DEV_0900&SUBSYS_810E1043&REV_90\3&267A616A&0&20
Service: SISNICXP

Class GUID:
Description: RAID Controller
Device ID: PCI\VEN_1039&DEV_0180&SUBSYS_810E1043&REV_01\3&267A616A&0&28
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1039&DEV_0180&SUBSYS_810E1043&REV_01\3&267A616A&0&28
Service:

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N95
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6101
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Nokia 6101
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd

==== System Restore Points ===================

RP1: 1/02/2009 6:11:29 PM - System Checkpoint
RP2: 1/02/2009 7:08:28 PM - Spybot-S&D Spyware removal
RP3: 3/02/2009 12:16:10 AM - System Checkpoint
RP4: 3/02/2009 5:00:48 AM - Software Distribution Service 3.0
RP5: 4/02/2009 6:31:29 AM - System Checkpoint

==== Installed Programs ======================

Acrobat.com
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop 7.0
Adobe Reader 9
Adobe® Photoshop® Album Starter Edition 3.0
Alt-Tab Task Switcher Powertoy for Windows XP
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Battlefield 1942
Battlefield 1942: The Road To Rome
Brightness Controller
C-Media WDM Audio Driver
Calculator Powertoy for Windows XP
cam2pc (remove only)
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CheckIt Diagnostics
ClearType Tuning Control Panel Applet
CloneCD
CmdHere Powertoy For Windows XP
CodeStuff Starter
Conexant USB Network Adapter
Connection Keep Alive
CopyProfile
CoreVorbis Audio Decoder (remove only)
CostAware 1.1 Revision 3
Crescendo for Internet Explorer
Desktop George
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
e-tax 2008
Excite Chat
Genius NetScroll + Series Mouse
Google Earth
Google Toolbar for Internet Explorer
Gyula's Navigator 1.28a
HardCopy Pro V1.5
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Home Media Server 4.0.0.0072
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Driver Diagnostics
hp instant support
HP Photo and Imaging 1.1 - Photosmart Cameras
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 2200 series
hp psc 2200 series
HTML Slideshow Powertoy for Windows XP
IconForge version 4.92
ICQ
Image Resizer Powertoy for Windows XP
IMVU Avatar Chat Software
iPod for Windows 2005-03-23
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_04
Java 2 Runtime Environment, SE v1.4.2_06
Java(TM) 6 Update 11
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
L&H TTS3000 British English
LG Internetkit
LG SyncManager
LiveReg (Symantec Corporation)
LiveUpdate (Symantec Corporation)
Lizardtech DjVu Control
LoanZipper version 1.0.2
MacChat Version 200
Macromedia Extension Manager
Macromedia Shockwave Player
Magnifier Powertoy for Windows XP
Malwarebytes' Anti-Malware
Medal of Honor Allied Assault
Media Library Management Wizard
MediaFACE 4.0
MediaFACE 4.0 Business Image Library
MediaFACE 4.0 General Image Library
MediaFACE 4.0 Lifestyle Image Library
MediaFACE 4.0 Music Image Library
MediaFACE 4.0 Special Occasion Image Library
MediaFACE 4.0 Spiritual Image Library
Messenger Plus!
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Encarta Reference Library - WE 2002
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Professional with FrontPage
Microsoft Producer
Microsoft Publisher 2002
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
MSN
MSN Messenger 7.5
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Natural Selection
Nero
NetComm NB1300 USB Network Adapter
Next Generation Visualisations
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia Lifeblog 2.1
Nokia MTP driver
Nokia PC Suite
Nokia Software Launcher
Nokia Software Updater
Norton AntiVirus
Norton Cleanup
Norton Save and Restore
Norton SystemWorks (Symantec Corporation)
Norton SystemWorks Premier Edition
Norton Utilities
NVIDIA Drivers
OtsTurntables Free 1.00.012
Paint Shop Pro 7 Anniversary Edition
Palace Uninstall
Patchworx2
PC Connectivity Solution
PCI SoftV92 Modem
PerformanceTest
Personal License Update Wizard for Windows Media Player
Picasa
Plus! MP3 Audio Converter LE
POD-Bot 2.5
PowerDVD
QuickTime
Readiris 7.5
Realtek AC'97 Audio
RunAlyzer
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Shockwave
Simpli Software's Places Utility v1.0
Simply Budgets 1st Steps
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
Slideshow Generator Powertoy for Windows XP
SmartCam
SmartCamera Ver 2.1
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Stickies 5.2b
Studio
Swish 1.52
SyncToy
The Specialists Beta 1.5
Timershot Powertoy for Windows XP
Trellian Button Factory
Tweak-XP
Tweakui Powertoy for Windows XP
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Vampire - The Masquerade Bloodlines
Virtual Desktop Manager Powertoy for Windows XP
Virtual Places
WebFldrs XP
WinDates
Windows Defender
Windows Defender Signatures
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Bonus Pack for Windows XP
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Service Pack 3
WinZip
Xfire (remove only)
xp-AntiSpy (remove only)
Yahoo! extras
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

30/01/2009 5:49:00 PM, error: Service Control Manager [7000] - The RIP Listener service failed to start due to the following error: The system cannot find the path specified.
30/01/2009 5:49:00 PM, error: Service Control Manager [7000] - The Print Port Scanner Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
30/01/2009 7:50:51 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
30/01/2009 7:27:58 AM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{769B8AFA-4472-48D0-85DC-7ACE44D78A16} because another computer on the network has the same name. The server could not start.
30/01/2009 7:27:58 AM, error: NetBT [4321] - The name "RAD :20" could not be registered on the Interface with IP address 192.168.0.2. The machine with the IP address 192.168.0.3 did not allow the name to be claimed by this machine.
30/01/2009 7:27:54 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
30/01/2009 7:27:44 AM, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 0001023D2B54 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
29/01/2009 9:33:44 PM, error: Dhcp [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 0001023D2B54 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
29/01/2009 8:49:05 AM, error: NetBT [4321] - The name "RAD :0" could not be registered on the Interface with IP address 192.168.0.3. The machine with the IP address 192.168.0.2 did not allow the name to be claimed by this machine.
31/01/2009 7:55:02 AM, error: NetBT [4321] - The name "RAD :0" could not be registered on the Interface with IP address 192.168.0.2. The machine with the IP address 192.168.0.3 did not allow the name to be claimed by this machine.
31/01/2009 11:05:57 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
31/01/2009 11:08:32 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service Norton Save and Restore with arguments "" in order to run the server: {F3DC957F-00CA-4D2A-A9AD-03FA855AAE38}
31/01/2009 11:46:10 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Norton AntiVirus service.
1/02/2009 3:46:07 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
1/02/2009 5:37:14 PM, error: NetBT [4321] - The name "RAD :20" could not be registered on the Interface with IP address 192.168.0.3. The machine with the IP address 192.168.0.2 did not allow the name to be claimed by this machine.

==== End Of File ===========================
JacobsCreek
Active Member
 
Posts: 5
Joined: January 21st, 2009, 5:40 am

Re: NNC.MGRS

by Rodav » February 4th, 2009, 5:46 pm

Step 1:
Please download DAFT.EXE to your Desktop.
  • Double click daft to run the application
  • Click on the Scan button.
  • Place a checkmark next to any entry that appears
  • Click the Fix button.
  • Re-scan and save a logfile. By default, it will save as daft.txt
  • If everything is ok again, it should display the all associations ok message
  • Please post back the results of daft.txt in your next reply


Step 2:
Older versions of Java have vulnerabilities that malware can exploit so they need to be removed.
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):

    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.2_04
    Java 2 Runtime Environment, SE v1.4.2_06
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1


Step 3:
Download OTMoveIt3 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt3.exe.
  • Copy the lines in the codebox below.
Code:
:files
c:\windows\system32\GroupPolicy000.dat
c:\windows\GnuHashes.ini
c:\windows\system32\C8.tmp
c:\windows\system32\GroupPolicyManifest
c:\docume~1\comput~1\applic~1\internaldb1942.dat

:commands
[emptytemp]

  • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3

Step 4:
Please visit Virustotal

Copy/paste this file and path into the white box at the top:
c:\windows\{6313D7C5-D8AF-4867-B446-54DC3C3EBB25}.dat

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response. Repeat for this file also:
c:\windows\system32\{B485FACF-8F5D-411B-BB90-DCF6ABE88B19}.dat



Step 5:
Run Eset NOD32 Online AntiVirus
http://www.eset.eu/online-scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.


Step 6:
Run HijackThis, do a system scan and post:
  • Daft.txt
  • The OTMoveIt3 results
  • The Virustotal results
  • The Eset report
  • A new HijackThis log
Also let me know how your computer is running.
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: NNC.MGRS

by Elrond » February 10th, 2009, 10:23 pm

Due to lack of response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem