BITCH Virus

Dormyr

Hey,

I have a problem with a virus. It's my PC, running Vista, which I don't know a lot about but I'm working through the similarities to XP etc.

There is a virus on this system. The Windows Security Centre names it as Trojan:Win32/FakeSpypro. The virus had blocked all communication from the PC to the internet, except through Mozilla Firefox, which I'm using at the moment. Apparently it is strange that it would knock out Google Chrome, but it has along with everything else.

I have Googled the name of this virus and read about it. I downloaded the program Malwarebytes to get rid of the virus. Having scanned the computer I have removed some malware/spyware and restarted. I still cannot get connection back to the internet for all other programs.

I have never had problems with a virus in this situation; how do I resolve this issue?

Help would be appreciated.

Cheers, D
 
Please post the malwarebytes log and then do the following.


Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes including the reboot if malware is detected.

Hello, please download and post a log with HiJackThis.

Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.



In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
Problem sorted - please check!

Hi,

I took the advice of johnb35 and downloaded Combofix. It ran itself and after restarting the system all 'blocks' to the internet were gone. As I said in my last post the Trojan Horse on the system was blocking communication to the internet for all programs except Firefox.

I went to the second stage (install HiJackThis) but there was a problem on installation. How important is it to install that program? I mean, the problem seems to be fixed, should I still bother?

Anyway many thanks for your help and here is the log file for Combofix and below it the one from Malwarebytes.

Regards, D.

ComboFix 10-06-15.04 - Alan 16/06/2010 16:53:16.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2302.1155 [GMT 1:00]
Running from: c:\users\Alan\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-05-16 to 2010-06-16 )))))))))))))))))))))))))))))))
.

2010-06-16 15:58 . 2010-06-16 15:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-02 20:08 . 2010-06-02 20:08 -------- d-----w- c:\users\Alan\AppData\Roaming\Malwarebytes
2010-06-02 20:08 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-02 20:08 . 2010-06-02 20:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-02 20:08 . 2010-06-02 20:08 -------- d-----w- c:\programdata\Malwarebytes
2010-06-02 20:08 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-02 18:56 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-06-01 22:53 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-06-01 22:53 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2010-05-27 19:40 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-27 19:40 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-16 15:45 . 2010-01-31 22:04 -------- d-----w- c:\users\Alan\AppData\Roaming\LimeWire
2010-06-16 15:45 . 2008-03-31 19:54 -------- d-----w- c:\program files\Steam
2010-06-16 15:44 . 2008-03-31 19:43 -------- d-----w- c:\programdata\NVIDIA
2010-06-10 18:50 . 2008-03-31 19:54 -------- d-----w- c:\program files\Common Files\Steam
2010-06-10 18:50 . 2009-12-31 15:13 34800 ----a-w- c:\programdata\nvModes.dat
2010-06-05 13:20 . 2009-12-11 19:05 -------- d-----w- c:\program files\Electronic Arts
2010-06-05 13:19 . 2008-03-31 19:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-02 20:08 . 2010-03-12 10:20 -------- d-----w- c:\users\Alan\AppData\Roaming\Azureus
2010-06-01 21:22 . 2010-03-12 10:19 -------- d-----w- c:\program files\Vuze
2010-06-01 20:20 . 2010-04-23 16:35 -------- d-----w- c:\programdata\Norton
2010-05-27 20:10 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-27 19:38 . 2010-03-18 19:10 -------- d-----w- c:\program files\Google
2010-05-21 13:14 . 2009-12-11 18:51 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-23 16:35 . 2010-04-23 16:35 -------- d-----w- c:\programdata\Symantec
2010-04-23 16:35 . 2010-04-23 16:35 -------- d-----w- c:\programdata\NortonInstaller
2010-03-24 23:48 . 2010-03-24 23:48 10686001 ----a-w- c:\users\Alan\AppData\Roaming\Azureus\plugins\azump\mplayer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Steam"="c:\program files\steam\steam.exe" [2010-05-11 1238352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Google Update"="c:\users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-08-17 184864]
"Zboard"="c:\program files\Ideazon\ZEngine\Zboard.exe" [2009-06-04 57344]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"CTHelper"="CTHELPER.EXE" [2007-03-05 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-03-05 19968]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]

c:\users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-11 13:57 1238352 ----a-w- c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d9,2a,12,5c,35,8a,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3635180043-1872571312-1943345751-1000]
"EnableNotificationsRef"=dword:00000002

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
R3 cpuz130;cpuz130;c:\users\Alan\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-20 240232]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-18 19:10]

2010-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-18 19:10]

2010-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3635180043-1872571312-1943345751-1000Core.job
- c:\users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-02 19:10]

2010-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3635180043-1872571312-1943345751-1000UA.job
- c:\users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-02 19:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.ask.com?o=14959&l=dis
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - c:\users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\qu3x7cuf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=
FF - component: c:\users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\qu3x7cuf.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\qu3x7cuf.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\users\Alan\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-Launch LCDMon - c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
MSConfigStartUp-Launch LGDCore - c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
MSConfigStartUp-trlmhhbl - c:\users\Alan\AppData\Local\hxcgtpeue\sfiygbatssd.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-16 16:58
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3635180043-1872571312-1943345751-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f9,87,be,f0,04,ae,fa,6e,da,1e,b3,e6,c4,6b,5c,92,f6,88,6f,f1,d0,d9,13,
40,4f,21,de,cb,3f,97,8f,6c,4b,d7,93,73,1e,86,f8,d4,b4,a9,c9,f8,c8,f1,dd,85,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

[HKEY_USERS\S-1-5-21-3635180043-1872571312-1943345751-1000\Software\SecuROM\License information*]
"datasecu"=hex:04,09,29,44,0b,13,c2,bb,09,10,63,ea,24,75,bf,00,a0,08,5f,ef,81,
9f,d0,0d,da,5c,04,09,9d,e5,94,81,44,8f,9f,fc,0e,2f,c4,7f,47,88,fc,97,ea,6d,\
"rkeysecu"=hex:da,f5,9f,db,eb,23,38,f3,43,80,31,14,f5,63,d7,6c
.
Completion time: 2010-06-16 16:59:56
ComboFix-quarantined-files.txt 2010-06-16 15:59

Pre-Run: 32,244,572,160 bytes free
Post-Run: 32,307,822,592 bytes free

- - End Of File - - B3AB23B7CD5712797F26B5348BCBCB2A

----------------------------------------------------------------

Malwarebytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4165

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

02/06/2010 21:47:21
mbam-log-2010-06-02 (21-47-21).txt

Scan type: Quick scan
Objects scanned: 119798
Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
What error are you getting when trying to install HijackThis? It's a good thing to run so we can make sure your system is clean and you're not running any unnecessary software.
 
Firstly I thought it was a flawed installation. I followed your link to download the .exe file but it didn't give me the options you mentioned whilst installing; it went straight to the 'scan options' menu. I uninstalled and then reinstalled again but it doesn't seem to have made a difference.

When I try to 'Do a system scan and save a logfile' the error message is:

For some reason your system denied write access to the Hosts file. IF any hijacked domains are in this file, HijackThis may NOT be able to fix this.

If that happens, you need to edit the file yourself. To do this, click Start. Run and type:

notepad C:\Windows\system32\drivers\etc\hosts

and press Enter. Find the line(s) HijackThis reports and delete them.
Save the file as 'hosts.' (with quotes), and reboot.

For Vista: simply, exit HijackThis, right click on the HijackThis icon,
choose 'Run as administrator'.


Then it provides the following information after a lightning speed scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:28:24, on 16/06/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Alan\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.ask.com?o=14959&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 4515 bytes
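One detail worth pulling out of the two logs above: both the ComboFix "Supplementary Scan" and the HijackThis R1 line record `ProxyServer = http=127.0.0.1:5555` under the user's Internet Settings. A loopback proxy that nothing is listening on is a classic rogue-antivirus trick (the Antivirus Suite / FakeSpypro family used exactly this port), and it matches the original symptom: every program that honours the system proxy setting loses its connection, while a browser with its own proxy configuration keeps working. The script below is an added example, not code from this thread or from the HijackThis or ComboFix tools. It is a small triage pass over HijackThis-style log lines that flags a loopback proxy, hosts-file entries that map a name anywhere other than localhost, and autostart entries launched from a random-looking folder under `AppData\Local` (the same pattern as the `trlmhhbl` orphan ComboFix removed). The sample lines are constructed and modelled on the logs in this thread; the `203.0.113.10 www.example.com` hosts entry is invented for illustration, and the random-name heuristic is my own, not a HijackThis rule.

```python
import re
from ipaddress import ip_address

# Constructed sample, modelled on the HijackThis and ComboFix entries in this thread.
# The 203.0.113.10 hosts line is invented; the rest mirrors what the logs reported.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.10 www.example.com
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Google Update] "C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [trlmhhbl] C:\Users\Alan\AppData\Local\hxcgtpeue\sfiygbatssd.exe
"""

PROXY_RE = re.compile(r"ProxyServer\s*=\s*(.+)$")
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
AUTOSTART_RE = re.compile(r'^O4 - .*?:\s+\[(.+?)\]\s+"?([A-Za-z]:\\[^"]+?\.exe)"?')
# Heuristic (mine, not a HijackThis rule): a run of 7+ lowercase letters with no digits,
# no mixed case and no separators looks like a generated name rather than a vendor name.
RANDOM_NAME_RE = re.compile(r"^[a-z]{7,}$")


def is_loopback(host: str) -> bool:
    """True for 127.0.0.0/8, ::1 or the literal name 'localhost'."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def proxy_targets(value: str):
    """Yield the host part of each entry in a WinINet ProxyServer value.

    Accepts both the per-scheme form 'http=host:port;https=host:port' and the bare 'host:port' form.
    """
    for part in value.split(";"):
        part = part.strip()
        if "=" in part:
            part = part.split("=", 1)[1]
        host = part.rsplit(":", 1)[0] if ":" in part else part
        if host:
            yield host


def triage(log_text: str):
    """Return a list of (tag, reason, line) findings for entries that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = PROXY_RE.search(line)
        if m and line.startswith("R"):
            if any(is_loopback(h) for h in proxy_targets(m.group(1))):
                findings.append(("PROXY",
                                 "system proxy points at loopback; proxy-aware programs lose "
                                 "connectivity if no local proxy process answers", line))
            continue
        m = HOSTS_RE.match(line)
        if m:
            ip, name = m.groups()
            if not (is_loopback(ip) and name.lower() == "localhost"):
                findings.append(("HOSTS", f"hosts file maps {name} to {ip}", line))
            continue
        m = AUTOSTART_RE.match(line)
        if m:
            label, path = m.groups()
            parts = path.split("\\")
            if "AppData" in parts and "Local" in parts:
                idx = parts.index("Local")
                folder = parts[idx + 1] if idx + 1 < len(parts) else ""
                stem = parts[-1].rsplit(".", 1)[0]
                if all(RANDOM_NAME_RE.match(s) for s in (label, folder, stem)):
                    findings.append(("AUTOSTART",
                                     f"'{label}' runs {path} from a random-looking AppData\\Local folder",
                                     line))
    return findings


if __name__ == "__main__":
    for tag, reason, line in triage(SAMPLE_LOG):
        print(f"[{tag}] {reason}\n    {line}")
```

Run it as-is and it reports three findings: the loopback proxy, the invented hosts redirect, and the random-named autostart; the Microsoft Security Essentials and Google Update entries pass because their folder and label names are recognisable vendor names, which is exactly the distinction a forum helper makes by eye when reading a posted log. The `PROXY` finding is the one to clear first on a machine with this thread's symptom, since the proxy entry survives even after the rogue's executable has been deleted.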
 
The log looks good; however, you could disable a few entries from running at bootup. Please rerun HijackThis and place checks next to the following entries.

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

Then click on fix checked at the bottom.
 
You're running Vista; you always need to right-click and run as admin in order for it to work correctly.
 
You're running Vista; you always need to right-click and run as admin in order for it to work correctly.

I thought it'd have something to do with Vista. I hate Vista; this isn't my machine.

I'm not sure how useful HijackThis will be from now on though because I don't understand the log files.

There is not a problem with the Trojan now though so thank you very much for your help!!!

D
 
Whenever you are infected it's always a good idea to run HijackThis and post it in the forum so we know what kind of infections we are dealing with.
 
Whenever you are infected it's always a good idea to run HijackThis and post it in the forum so we know what kind of infections we are dealing with.

I'll do that. I find I don't get problems like this but somehow my girlfriend managed to. I think it's carelessness, though, through lack of security. Gonna sort that out now.


Thanks again. D
 