Nuvens.bw[INACTIVE]

tony_shelly · March 16, 2007

i have done scans with a lot of virus/ spyware scanners. only zone alarm and CA found the win32 nuvens.bw virus and cannot repair or delete it so i was wondering if HJT would help any.

Thank you

Tony

Logfile of HijackThis v1.99.1

Scan saved at 6:11:36 PM, on 3/15/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\spoolsv.exe

F:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe

F:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe

F:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe

F:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe

F:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe

F:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

F:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

F:\WINDOWS\system32\nvsvc32.exe

F:\WINDOWS\System32\svchost.exe

F:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

F:\WINDOWS\Explorer.EXE

F:\WINDOWS\system32\ctfmon.exe

F:\WINDOWS\system32\devldr32.exe

F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

F:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe

F:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe

F:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe

F:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfaem.exe

F:\Program Files\TrojanHunter 4.6\THGuard.exe

F:\Program Files\MSN Messenger\MsnMsgr.Exe

F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

F:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe

F:\WINDOWS\system32\svchost.exe

F:\Program Files\CA\CA Internet Security Suite\casecuritycenter.exe

F:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\caavGUIScan.exe

F:\Program Files\Mozilla Firefox\firefox.exe

F:\Program Files\TrojanHunter 4.6\TrojanHunter.exe

F:\Documents and Settings\Tony ^ Shelly\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [REGSHAVE] F:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [cctray] "F:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"

O4 - HKLM\..\Run: [QOELOADER] "F:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe"

O4 - HKLM\..\Run: [CAVRID] "F:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"

O4 - HKLM\..\Run: [cafwc] F:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl

O4 - HKLM\..\Run: [capfaem] F:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfaem.exe

O4 - HKLM\..\Run: [THGuard] "F:\Program Files\TrojanHunter 4.6\THGuard.exe"

O4 - HKLM\..\Run: [spyHunter] F:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [ProxyWay] F:\Program Files\ProxyWay\proxyway.exe

O4 - Startup: Adobe Gamma.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - F:\Program Files\VisualRoute\vrie.dll

O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - F:\Program Files\VisualRoute\vrie.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - F:\Documents and Settings\Tony ^ Shelly\My Documents\Hello\PicasaCapture.dll

O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - F:\Documents and Settings\Tony ^ Shelly\My Documents\Hello\PicasaCapture.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1147286872826

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...975/mcfscan.cab

O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com/antivirus/PitPav.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: PFW - F:\WINDOWS\SYSTEM32\UmxWnp.Dll

O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - F:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - F:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe

O23 - Service: HIPS Event Manager (UmxAgent) - CA - F:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe

O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - F:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe

O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - F:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe

O23 - Service: HIPS Policy Manager (UmxPol) - CA - F:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe

O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - F:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

Matt · March 28, 2007

Hi Tony, so for the long delay before a reply. Since it has been a while, if you still need help with this issue, please post back with a new HJT log.

Matt

Matt · April 4, 2007

Inactive topic...

If you still need help on this problem, contact me or one of the Moderators to re-open this up.

Topic closed.

Sign In

Nuvens.bw[INACTIVE]

Recommended Posts

tony_shelly

Link to post

Share on other sites

Matt

Link to post

Share on other sites

Matt

Link to post

Share on other sites

Browse

Activity