It started as WinSpyware there [RESOLVED]


  • This topic is locked

#31
kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
That is fine.
  • 0


#32
☼ Klutz ☼ (Member, Topic Starter, 109 posts)
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 29, 2008 15:46: VIRUS PMLERT!
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/05/2008
Kaspersky Anti-Virus database records: 812777
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 142805
Number of viruses found: 4
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 01:22:04

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\0369_File_Monitoring_eventcritlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\0369_File_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\036b_Web_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\036d_pdm_eventcritlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\036d_pdm_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\036d_pdm_eventlog_reg.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\detected.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\detected.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\report.rpt Object is locked skipped
C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\k9iil72p.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\k9iil72p.default\content-prefs.sqlite Object is locked skipped
C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\k9iil72p.default\cookies.sqlite Object is locked skipped
C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\k9iil72p.default\downloads.sqlite Object is locked skipped
C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\k9iil72p.default\flashgot.log Object is locked skipped
C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\k9iil72p.default\formhistory.sqlite Object is locked skipped
C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\k9iil72p.default\key3.db Object is locked skipped
C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\k9iil72p.default\parent.lock Object is locked skipped
C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\k9iil72p.default\permissions.sqlite Object is locked skipped
C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\k9iil72p.default\places.sqlite Object is locked skipped
C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\k9iil72p.default\places.sqlite-journal Object is locked skipped
C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\k9iil72p.default\places.sqlite-stmtjrnl Object is locked skipped
C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\k9iil72p.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Jim\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Application Data\Mozilla\Firefox\Profiles\k9iil72p.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Application Data\Mozilla\Firefox\Profiles\k9iil72p.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Application Data\Mozilla\Firefox\Profiles\k9iil72p.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Application Data\Mozilla\Firefox\Profiles\k9iil72p.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Application Data\Mozilla\Firefox\Profiles\k9iil72p.default\urlclassifier3.sqlite Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jim\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jim\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Steam\logs\connection_log.txt Object is locked skipped
C:\Program Files\Steam\Steam.log Object is locked skipped
C:\Program Files\Steam\steamapps\call of duty 4 modern warfare content 2.ncf Object is locked skipped
C:\Program Files\Steam\steamapps\call of duty 4 modern warfare content.ncf Object is locked skipped
C:\Program Files\Steam\steamapps\call of duty 4 modern warfare english 2.ncf Object is locked skipped
C:\Program Files\Steam\steamapps\call of duty 4 modern warfare english 3.ncf Object is locked skipped
C:\Program Files\Steam\steamapps\call of duty 4 modern warfare english 4.ncf Object is locked skipped
C:\Program Files\Steam\steamapps\call of duty 4 modern warfare english public.ncf Object is locked skipped
C:\Program Files\Steam\steamapps\cod 4 dat.ncf Object is locked skipped
C:\Program Files\Steam\steamapps\day of defeat source beta content.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\source 2007 binaries.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\source 2007 shared materials.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\source 2007 shared models.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\source 2007 shared sounds.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\source materials.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\source models.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\source sounds.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\winui.gcf Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{28E28D9B-2C42-4B9B-8226-8765A72A505B}\RP76\A0009691.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.uzk skipped
C:\System Volume Information\_restore{28E28D9B-2C42-4B9B-8226-8765A72A505B}\RP78\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{686D5180-4C73-4635-88F5-BA6F00F072BB}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\cch~b35dde99643.htp Object is locked skipped
C:\WINDOWS\Temp\cch~b35eb1e8cc8.htp Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_794.dat Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{28E28D9B-2C42-4B9B-8226-8765A72A505B}\RP78\change.log Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{28E28D9B-2C42-4B9B-8226-8765A72A505B}\RP78\change.log Object is locked skipped
G:\Apps\Cleaners\Super Utilities Professional 7.75\supro7.75.exe/file086 Infected: Trojan.Win32.Delf.ceh skipped
G:\Apps\Cleaners\Super Utilities Professional 7.75\supro7.75.exe Inno: infected - 1 skipped
G:\Apps\Internet\Unsorted\RaidenFTPD_2.4_build_733_crack.zip/raidenftpd2.exe/data0026 Infected: not-a-virus:Server-FTP.Win32.Raiden skipped
G:\Apps\Internet\Unsorted\RaidenFTPD_2.4_build_733_crack.zip/raidenftpd2.exe/data0027 Infected: not-a-virus:Server-FTP.Win32.Raiden skipped
G:\Apps\Internet\Unsorted\RaidenFTPD_2.4_build_733_crack.zip/raidenftpd2.exe Infected: not-a-virus:Server-FTP.Win32.Raiden skipped
G:\Apps\Internet\Unsorted\RaidenFTPD_2.4_build_733_crack.zip ZIP: infected - 3 skipped
G:\rapidshare\DAEMON.Tools.Pro.Advanced.v4.10.218.0\DAEMON.Tools.Pro.Advanced.v4.10.218.0\Setup\DTPro4100218Advanced.exe/data0000.cab/SUCKMY~1.EXE Infected: P2P-Worm.Win32.Delf.by skipped
G:\rapidshare\DAEMON.Tools.Pro.Advanced.v4.10.218.0\DAEMON.Tools.Pro.Advanced.v4.10.218.0\Setup\DTPro4100218Advanced.exe/data0000.cab Infected: P2P-Worm.Win32.Delf.by skipped
G:\rapidshare\DAEMON.Tools.Pro.Advanced.v4.10.218.0\DAEMON.Tools.Pro.Advanced.v4.10.218.0\Setup\DTPro4100218Advanced.exe Rsrc-Package: infected - 2 skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\_restore{28E28D9B-2C42-4B9B-8226-8765A72A505B}\RP78\change.log Object is locked skipped

Scan process completed.
  • 0

#33
☼ Klutz ☼ (Member, Topic Starter, 109 posts)
Does this mean it was the Daemon Tools Pro that started this virus?
  • 0

#34
kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
The cracked software you downloaded caused it.
Via rapidshare or the torrent you used to get it.
=================================
Please then delete these folders\files:
G:\Apps\Cleaners\Super Utilities Professional 7.75
G:\Apps\Internet\Unsorted\RaidenFTPD_2.4_build_733_crack.zip
G:\rapidshare\DAEMON.Tools.Pro.Advanced.v4.10.218.0
============================================
Then after that please post one more Hijackthis log and we will finish up.
  • 0

#35
☼ Klutz ☼ (Member, Topic Starter, 109 posts)
Done.
  • 0

#36
☼ Klutz ☼ (Member, Topic Starter, 109 posts)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:13: VIRUS ALERT!, on 5/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - Startup: DTProAgent.lnk = C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7360 bytes
  • 0

#37
kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present


Now click on Fix Checked and then close Hijackthis.
=================================
After that please update your Java:
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware that it is NOT supported for use on 9x or ME and probably will not install on those systems.

Upgrading Java:
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
=============
Follow these steps to uninstall Combofix and the tools used in the removal of malware:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Also delete\uninstall anything that we used that is left over.
==============================================
After that your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them; they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.
  • 0

#38
☼ Klutz ☼ (Member, Topic Starter, 109 posts)
I do not have the Start > Run option. It is still missing, along with my other Start menu options like "My Computer" and "Control Panel". Also, my clock still says the time is 17:10: VIRUS ALERT!

I was able to uninstall Combofix by pressing Ctrl+Alt+Del, going to 'Run' there and typing in combofix /u.
  • 0

#39
☼ Klutz ☼ (Member, Topic Starter, 109 posts)
I have Daemon Tools still installed and set to run at startup. Is that a virus, or was only the crack bad?

Edited by ☼ Klutz ☼, 29 May 2008 - 03:15 PM.

  • 0

#40
☼ Klutz ☼ (Member, Topic Starter, 109 posts)
Could this mean my registry was changed to not show "My Computer" or "Control Panel" etc. in my Start menu? Could I just open regedit and fix this?
  • 0


#41
kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Please do not go in the registry.
It is the backbone of your computer and will crash everything if used incorrectly.
==================================================
For the Clock do the following:
Go to Start > Control Panel > Date, Time, Language and Regional Options.
Click on Regional and Language Options.
Next to the section that says your regional language (mine is English) click on Customize.
Click on the Time tab at the top.
Then, next to Time format, make sure that it looks like this: h:mm:ss tt. If it doesn't, change it to that.
Then click Apply, then OK.
Then Apply, then OK again, and you should be good to go.

Let me know if that takes care of it.
=======================
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

First, we need to backup your registry:
Backing Up Your Registry
  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
================================
Please open up Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as fixthis.reg on your Desktop.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoControlPanel"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRun"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSMMyComputer"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyComputer"=dword:00000000
Now double-click fixthis.reg.
A window will come up asking if you want to let it merge with the registry.
Click yes.
Reboot for the changes to take place and let me know how it goes.
  • 0

#42
☼ Klutz ☼ (Member, Topic Starter, 109 posts)
Rebooting now. Thanks.
  • 0

#43
☼ Klutz ☼ (Member, Topic Starter, 109 posts)
I added everything to the registry, but my Start menu is still not back. There is no Start > Run, Start > Control Panel or Start > My Computer.
  • 0

#44
☼ Klutz ☼ (Member, Topic Starter, 109 posts)
There are only 4 options on the right side of my Start menu, and they are: Set Program Access and Defaults; Administrative Tools; connect tool; Printers and Faxes. I can get to the 'All Programs' tab and anything that is pinned to the Start menu, but that's it.
  • 0

#45
kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Please open up Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as smfix.reg on your Desktop.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_ShowControlPanel"=dword:00000001
"Start_ShowMyComputer"=dword:00000001
"Start_ShowMyDocs"=dword:00000001
Now double-click smfix.reg.
A window will come up asking if you want to let it merge with the registry.
Click yes.
Reboot for the changes to take place and let me know how it goes.
  • 0
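One way to check, from a single place, the registry values that kahdah's two .reg fixes, the clock instructions and the HijackThis O6 line above all target. This is an added PowerShell audit, not part of the thread and not kahdah's code: it reads the Explorer policy values, the Start menu settings, the clock designators and the IE Restrictions key, reports which ones are restrictive, and rewrites them to the values the thread's fixes use only when -Repair is passed. It assumes PowerShell with its registry provider is available on the machine; the value names are the standard Windows ones, and the "good" values are the ones the thread sets.

```powershell
# Added audit script (not from the thread). Read-only unless -Repair is given.
param([switch]$Repair)

# Values the two .reg fixes in the thread write. Good = the value the fix sets;
# an absent value is also the unrestricted default, so it is reported as OK.
$checks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoRun';          Good = 0; Note = 'Start > Run hidden' },
    @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoRun';          Good = 0; Note = 'Start > Run hidden (machine-wide)' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoControlPanel'; Good = 0; Note = 'Control Panel blocked' },
    @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoControlPanel'; Good = 0; Note = 'Control Panel blocked (machine-wide)' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoSMMyComputer'; Good = 0; Note = 'My Computer removed from Start menu' },
    @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoSMMyComputer'; Good = 0; Note = 'My Computer removed from Start menu (machine-wide)' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced';  Name = 'Start_ShowControlPanel'; Good = 1; Note = 'Control Panel item on Start menu' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced';  Name = 'Start_ShowMyComputer';   Good = 1; Note = 'My Computer item on Start menu' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced';  Name = 'Start_ShowMyDocs';       Good = 1; Note = 'My Documents item on Start menu' }
)

function Get-RegValueOrNull([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist instead of throwing.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Set-RegDword([string]$Path, [string]$Name, [int]$Value) {
    if (-not (Test-Path -LiteralPath $Path)) { New-Item -Path $Path -Force | Out-Null }
    Set-ItemProperty -LiteralPath $Path -Name $Name -Value $Value -Type DWord
}

Write-Output '== Explorer policy / Start menu values =='
foreach ($c in $checks) {
    $current = Get-RegValueOrNull $c.Path $c.Name
    $shown = if ($null -eq $current) { '<absent>' } else { $current }
    $ok = ($null -eq $current) -or ($current -eq $c.Good)
    $tag = if ($ok) { 'OK ' } else { 'BAD' }
    Write-Output ("{0} {1}\{2} = {3}   [{4}]" -f $tag, $c.Path, $c.Name, $shown, $c.Note)
    if (-not $ok -and $Repair) {
        Set-RegDword $c.Path $c.Name $c.Good
        Write-Output ("    -> reset to {0}" -f $c.Good)
    }
}

# The "17:10: VIRUS ALERT!" clock comes from the AM/PM designators (s1159/s2359) and/or
# the time format string under HKCU\Control Panel\International; the Regional and
# Language Options dialog the thread uses edits these same values.
Write-Output '== Clock format =='
$intl = 'HKCU:\Control Panel\International'
$clockDefaults = @{ s1159 = 'AM'; s2359 = 'PM'; sTimeFormat = 'h:mm:ss tt' }   # the thread's target format
foreach ($name in 's1159', 's2359', 'sTimeFormat') {
    $v = Get-RegValueOrNull $intl $name
    # Assumption: an English-locale box, so anything outside format letters, digits,
    # separators and spaces (such as the "!" in "VIRUS ALERT!") is treated as tampering.
    $bad = ($null -ne $v) -and ($v -match '[^A-Za-z0-9:\s.''\-]')
    $tag = if ($bad) { 'BAD' } else { 'OK ' }
    Write-Output ("{0} {1} = '{2}'" -f $tag, $name, $v)
    if ($bad -and $Repair) {
        Set-ItemProperty -LiteralPath $intl -Name $name -Value $clockDefaults[$name] -Type String
        Write-Output ("    -> reset to '{0}'" -f $clockDefaults[$name])
    }
}

# HijackThis reported "O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present";
# list whatever is under that key so the Fix Checked step can be confirmed.
Write-Output '== IE restrictions (HijackThis O6) =='
$ieRestr = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Restrictions'
if (Test-Path -LiteralPath $ieRestr) {
    Get-ItemProperty -LiteralPath $ieRestr | Select-Object * -ExcludeProperty PS* | Format-List
} else {
    Write-Output 'key absent (nothing restricted)'
}
```

Run it without arguments first to see what is set; the -Repair pass needs an elevated prompt for the HKLM entries, and a log off or reboot is still required for Explorer to pick the Start menu changes up, as the thread says.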
