Thread: netadv.dll
10-04-2007, 02:09 PM   #6
XTTX
Registered User
 
Join Date: Mar 2005
Location: US
Posts: 168
OS: XP x64, Ubuntu x86_64, OS X 10.5.7


Re: netadv.dll

HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:09:11 PM, on 10/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
f:\PROGRAM FILES\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\WINDOWS\system32\nvsvc32.exe
F:\PROGRAM FILES\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\Tablet.exe
F:\PROGRAM FILES\COMMON FILES\Softwin\BitDefender Communicator\xcommsvr.exe
F:\PROGRAM FILES\COMMON FILES\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
F:\PROGRAM FILES\COMMON FILES\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Razer\Tarantula\razerhid.exe
C:\Razer\Copperhead\razerhid.exe
C:\D-Link\AirPlus XtremeG\AirPlusCFG.exe
F:\PROGRAM FILES\ANI\ANIWZCS2 SERVICE\WZCSLDR2.EXE
F:\PROGRAM FILES\ACRONIS\TRUEIMAGEHOME\TRUEIMAGEMONITOR.EXE
F:\PROGRAM FILES\ACRONIS\TRUEIMAGEHOME\TIMOUNTERMONITOR.EXE
F:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDHLP.EXE
F:\PROGRAM FILES\Softwin\BitDefender10\bdmcon.exe
C:\Razer\Barracuda AC-1 Gaming Audio Card\Customapp\PROGRAM\RAZER BARRACUDA AC-1 GAMING AUDIO CARD.EXE
F:\PROGRAM FILES\Softwin\BitDefender10\bdagent.exe
F:\PROGRAM FILES\VisualTooltip\VisualToolTip.exe
C:\WINDOWS\RTHDCPL.EXE
F:\PROGRAM FILES\Microsoft Office\Office12\GrooveMonitor.exe
F:\program files\Winamp\winampa.exe
F:\PROGRAM FILES\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
F:\PROGRAM FILES\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
F:\PROGRAM FILES\Google\Google Talk\googletalk.exe
f:\PROGRAM FILES\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
F:\PROGRAM FILES\Java\jre1.6.0_02\bin\jusched.exe
F:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NMBGMONITOR.EXE
C:\WINDOWS\system32\ctfmon.exe
F:\PROGRAM FILES\LClock\lclock.exe
F:\PROGRAM FILES\Vista Sidebar\sidebar.exe
F:\PROGRAM FILES\ViStart\ViStart.exe
F:\PROGRAM FILES\VisualTooltip\VisualToolTip.exe
F:\PROGRAM FILES\PeerGuardian2\pg2.exe
C:\Razer\Copperhead\razertra.exe
C:\Razer\Copperhead\razerofa.exe
F:\PROGRAM FILES\COMMON FILES\Ahead\Lib\NMIndexStoreSvr.exe
F:\PROGRAM FILES\Softwin\BitDefender10\vsserv.exe
C:\Razer\Tarantula\razertra.exe
F:\program files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
F:\PROGRAM FILES\COMMON FILES\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\alg.exe
F:\PROGRA~1\Mozilla Firefox\firefox.exe
F:\HJT\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - f:\PROGRAM FILES\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\PROGRAM FILES\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\PROGRAM FILES\COMMON FILES\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - f:\PROGRAM FILES\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - F:\PROGRAM FILES\Styler\TB\StylerTB.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - f:\PROGRAM FILES\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Tarantula] C:\Razer\Tarantula\razerhid.exe
O4 - HKLM\..\Run: [Copperhead] C:\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] F:\PROGRAM FILES\ANI\ANIWZCS2 SERVICE\WZCSLDR2.EXE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] F:\PROGRAM FILES\ACRONIS\TRUEIMAGEHOME\TRUEIMAGEMONITOR.EXE
O4 - HKLM\..\Run: [AcronisTimounterMonitor] F:\PROGRAM FILES\ACRONIS\TRUEIMAGEHOME\TIMOUNTERMONITOR.EXE
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "F:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDHLP.EXE"
O4 - HKLM\..\Run: [BDMCon] "F:\PROGRAM FILES\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "F:\PROGRAM FILES\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\PROGRAM FILES\COMMON FILES\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [VisualTooltip] F:\PROGRAM FILES\VisualTooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "F:\PROGRAM FILES\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] F:\program files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "f:\PROGRAM FILES\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "f:\PROGRAM FILES\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [googletalk] F:\PROGRAM FILES\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SMSystemAnalyzer] "F:\PROGRAM FILES\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\PROGRAM FILES\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NMBGMONITOR.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] F:\PROGRAM FILES\LClock\lclock.exe
O4 - HKCU\..\Run: [Vista Sidebar] F:\PROGRAM FILES\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViStart] F:\PROGRAM FILES\ViStart\ViStart.exe
O4 - HKCU\..\Run: [VisualTooltip] F:\PROGRAM FILES\VisualTooltip\VisualToolTip.exe
O4 - HKCU\..\Run: [PeerGuardian] F:\PROGRAM FILES\PeerGuardian2\pg2.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = F:\program files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = F:\program files\common files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://f:\PROGRAM FILES\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://f:\PROGRAM FILES\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://f:\PROGRAM FILES\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://f:\PROGRAM FILES\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://f:\PROGRAM FILES\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://f:\PROGRAM FILES\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://f:\PROGRAM FILES\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://f:\PROGRAM FILES\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\PROGRAM FILES\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\PROGRAM FILES\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8614BE35-8B64-43DC-A053-0B43947C50EF}: NameServer = 192.168.0.1,4.2.2.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - G:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - F:\PROGRAM FILES\COMMON FILES\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - f:\PROGRAM FILES\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - G:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - F:\program files\Ares\chatServer.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - F:\PROGRAM FILES\COMMON FILES\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - F:\PROGRAM FILES\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - F:\PROGRAM FILES\COMMON FILES\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - F:\PROGRAM FILES\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - F:\PROGRAM FILES\COMMON FILES\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\PROGRAM FILES\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - F:\PROGRAM FILES\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - F:\PROGRAM FILES\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - F:\PROGRAM FILES\COMMON FILES\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 12264 bytes
Smit Fraud Fix
SmitFraudFix v2.237

Scan done at 14:02:04.98, Thu 10/04/2007
Run from F:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\afxp.dll Deleted
C:\WINDOWS\main_uninstaller.exe Deleted
C:\WINDOWS\msvb.dll Deleted
Deleting [HKEY_CLASSES_ROOT\CLSID\{75F1B25C-DB49-4EB6-BEE0-401922B3F60D}]
C:\WINDOWS\privacy_danger\ Deleted
C:\WINDOWS\sysdx.dll Deleted
Deleting [HKEY_CLASSES_ROOT\CLSID\{8838E502-1D3B-432A-B1C4-935A86E0F941}]
C:\DOCUME~1\Kevin\Desktop\Error Cleaner.url Deleted
C:\DOCUME~1\Kevin\Desktop\Privacy Protector.url Deleted
C:\DOCUME~1\Kevin\Desktop\Spyware?Malware Protection.url Deleted
C:\DOCUME~1\Kevin\FAVORI~1\Error Cleaner.url Deleted
C:\DOCUME~1\Kevin\FAVORI~1\Privacy Protector.url Deleted
F:\PROGRAM FILES\VideoAccessCodec\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8614BE35-8B64-43DC-A053-0B43947C50EF}: NameServer=192.168.0.1,4.2.2.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8614BE35-8B64-43DC-A053-0B43947C50EF}: NameServer=192.168.0.1,4.2.2.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8614BE35-8B64-43DC-A053-0B43947C50EF}: NameServer=192.168.0.1,4.2.2.2


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Many thanks! Thanks for sticking w/ me :D. So far, seems to be fine.
One thing I noticed though: when I started up I got an IE alert about a webpage not being able to open because I'm working offline [I set IE to work offline and cleared the cache], but I was wondering if the website that was trying to open was still part of the smit fraud spyware.

Last edited by XTTX; 10-04-2007 at 02:13 PM.