HELP me about worm.Win32.VB.ck

Posted 6/2/2007 10:47 AM
#48159
GoranGV Member

Date Joined Nov 2016
Total Posts: 5
Hello. I saw on the forum what amazing things You did for other people, so I hope You can help me.
I don't know anything about viruses, worms, trojans etc. My idea was that if you have an antivirus program you don't have to worry about anything. And now I'm stuck with worms and infected files that I can't disinfect, and I'm afraid to delete them. Please help me with my problem. The diagnostics after scanning my computer are:

detected: virus Worm.Win32.VB.ck File: C:\WINDOWS\LSASS.EXE//PE_Patch.UPX//UPX
detected: virus Worm.Win32.VB.ck Running module: lsass.exe\lsass.exe
detected: virus Worm.Win32.VB.ck File: c:\windows\system\lsass.exe//PE_Patch.UPX//UPX
detected: virus Worm.Win32.VB.ck File: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MSconfig.exe//PE_Patch.UPX//UPX
detected: virus Worm.Win32.VB.ck File: C:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP48\A0004581.exe//PE_Patch.UPX//UPX
detected: virus Worm.Win32.VB.ck File: C:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004847.exe//PE_Patch.UPX//UPX
detected: virus Worm.Win32.VB.ck File: C:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004848.exe//PE_Patch.UPX//UPX
detected: virus Worm.Win32.VB.ck File: C:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0005846.exe//PE_Patch.UPX//UPX
detected: virus Worm.Win32.VB.ck File: C:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0005847.exe//PE_Patch.UPX//UPX
detected: virus Worm.Win32.VB.ck File: C:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP51\A0005964.exe//PE_Patch.UPX//UPX
detected: virus Worm.Win32.VB.ck File: C:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP51\A0005965.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan.Win32.Dialer.fl File: D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004850.exe//UPX
detected: Trojan program Trojan.Win32.Dialer.fl File: D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004851.exe//UPX
detected: Trojan program Trojan.Win32.Dialer.fl File: D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004852.exe//UPX
detected: Trojan program Trojan.Win32.StartPage.rr File: D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004853.exe//data0004//stream//data0004
detected: adware not-a-virus:AdWare.Win32.BrilliantDigital.3039 File: D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004854.dll
detected: adware not-a-virus:AdWare.Win32.BrilliantDigital.c File: D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004855.dll
detected: adware not-a-virus:AdWare.Win32.Altnet.a File: D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004856.dll
detected: adware not-a-virus:AdWare.Win32.BrilliantDigital.3039 File: D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004857.EXE/BDEDOW~1.DLL
detected: adware not-a-virus:AdWare.Win32.BrilliantDigital.c File: D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004857.EXE/BDEFdi.dll
detected: adware not-a-virus:AdWare.Win32.SaveNow.av File: D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004858.exe//data0013/SaveNow.exe
detected: adware not-a-virus:AdWare.Win32.SaveNow.au File: D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004858.exe//data0013/Uninst.exe
detected: adware not-a-virus:AdWare.Win32.BrilliantDigital.3039 File: D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0005848.dll
detected: adware not-a-virus:AdWare.Win32.BrilliantDigital.c File: D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0005849.dll
detected: adware not-a-virus:AdWare.Win32.Altnet.a File: D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0005850.dll
detected: adware not-a-virus:AdWare.Win32.BrilliantDigital.c File: D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0005851.EXE
not found: virus Worm.Win32.VB.ck File: C:\WINDOWS\Temp\PR3.tmp//UPX
not found: virus Worm.Win32.VB.ck File: C:\WINDOWS\Temp\PR4.tmp
not found: virus Worm.Win32.VB.ck File: C:\WINDOWS\Temp\PR50.tmp//UPX
not found: virus Worm.Win32.VB.ck File: C:\WINDOWS\Temp\PR51.tmp
not found: virus Worm.Win32.VB.ck File: C:\WINDOWS\Temp\PR7.tmp//UPX
not found: virus Worm.Win32.VB.ck File: C:\WINDOWS\Temp\PR8.tmp

Also if I click CTRL+ALT+DELETE this message is displayed: TASK MANAGER HAS BEEN DISABLED BY YOUR ADMINISTRATOR

Of course, here is the logfile of HIJACK THIS

Logfile of HijackThis v1.99.1
Scan saved at 12:34:19 PM, on 6/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Office Multimedia Keyboard & Mouse Driver\MouseDrv.exe
C:\Program Files\Office Multimedia Keyboard & Mouse Driver\PS2USBKbdDrv.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\lsass.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\amc\Desktop\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quicknews.info/
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system\lsass.exe
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\lsass.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Office Multimedia Keyboard & Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Office Multimedia Keyboard & Mouse Driver\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: MSconfig.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?6bdecfecbc2444eb92a849d24140bb7a
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?6bdecfecbc2444eb92a849d24140bb7a
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: FLEXlm License Manager - Macrovision Corporation - C:\Program Files\Common Files\Alias Shared\Licensing\etc\lmgrd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

THANK YOU IN ADVANCE.
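A triage sketch for the HijackThis log in the post above, added here as an example; it is not part of the original thread and not HijackThis or SDFix code. It flags the entries that line up with the Kaspersky detections in the same post (lsass.exe running outside system32, the F2 Shell/UserInit values, the bare MSconfig.exe in Global Startup, the O7 policy entry). The rule names, the `EXPECTED_DIR` table of assumed Windows XP default locations and the heuristics themselves are assumptions made for illustration.

```python
import ntpath
import re

# Assumed Windows XP default locations (not stated in the thread). A process
# with one of these names running from any other directory is suspect.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\lsass.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quicknews.info/
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system\lsass.exe
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\lsass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: MSconfig.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""


def running_processes(log):
    """Paths listed under 'Running processes:' up to the first blank line."""
    paths, in_block = [], False
    for line in log.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_block = True
        elif in_block:
            if not line:
                break
            paths.append(line)
    return paths


def triage(log):
    """Return (rule, evidence) pairs for entries worth a closer look."""
    findings = []

    # 1. System binary names running from a non-default directory.
    for path in running_processes(log):
        want = EXPECTED_DIR.get(ntpath.basename(path).lower())
        if want and ntpath.dirname(path).lower() != want:
            findings.append(("masquerading-process", path))

    for line in (raw.strip() for raw in log.splitlines()):
        # 2. Winlogon Shell / Userinit values carrying an extra program.
        m = re.match(r"F2 - REG:system\.ini: (Shell|UserInit)=(.*)$", line, re.I)
        if m:
            key, value = m.group(1).lower(), m.group(2).strip()
            if key == "shell" and value.lower() != "explorer.exe":
                findings.append(("winlogon-shell-hijack", line))
            if key == "userinit":
                items = [v.strip() for v in value.split(",") if v.strip()]
                if any(ntpath.basename(v).lower() != "userinit.exe" for v in items):
                    findings.append(("winlogon-userinit-hijack", line))
            continue

        # 3. An executable sitting directly in a Startup folder. Shortcuts
        #    are logged as "name.lnk = target"; a bare .exe has no " = ".
        m = re.match(r"O4 - (?:Global )?Startup: (.+)$", line)
        if m and " = " not in m.group(1) and m.group(1).lower().endswith(".exe"):
            findings.append(("exe-in-startup-folder", line))
            continue

        # 4. O7 lines report policy values that lock the user out of tools.
        if line.startswith("O7 - "):
            findings.append(("policy-lockout", line))

    return findings


if __name__ == "__main__":
    for rule, evidence in triage(SAMPLE_LOG):
        print(f"{rule:26} {evidence}")
```
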
Posted 6/2/2007 11:37 AM
#48161
GoranGV Member

Date Joined Nov 2016
Total Posts: 5
I also noticed that my home page is changed to: http://quicknews.info/ and I can't change it.
Posted 6/2/2007 1:46 PM
#48164
GoranGV Member

Date Joined Nov 2016
Total Posts: 5
This is the scan report from AVG

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at: 3:41:20 PM 6/2/2007

 + Scan result:

D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004854.dll -> Adware.BrilliantDigital : No action taken.
D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004855.dll -> Adware.BrilliantDigital : No action taken.
D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0005848.dll -> Adware.BrilliantDigital : No action taken.
D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0005849.dll -> Adware.BrilliantDigital : No action taken.
D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP51\A0005966.dll -> Adware.BrilliantDigital : No action taken.
D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP51\A0005967.dll -> Adware.BrilliantDigital : No action taken.
C:\Documents and Settings\amc\Cookies\amc@122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\amc\Cookies\amc@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\amc\Cookies\amc@maxis.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\amc\Cookies\amc@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\amc\Cookies\amc@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\amc\Cookies\amc@ads.addynamix[2].txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\amc\Cookies\amc@adrevolver[3].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\amc\Cookies\amc@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\amc\Cookies\amc@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\amc\Cookies\amc@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\amc\Cookies\amc@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\amc\Cookies\amc@www.burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\amc\Cookies\amc@as.casalemedia[2].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\amc\Cookies\amc@casalemedia[2].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\amc\Cookies\amc@clickbank[1].txt -> TrackingCookie.Clickbank : No action taken.
C:\Documents and Settings\amc\Cookies\amc@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\amc\Cookies\amc@connextra[1].txt -> TrackingCookie.Connextra : No action taken.
C:\Documents and Settings\amc\Cookies\amc@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\amc\Cookies\amc@estat[1].txt -> TrackingCookie.Estat : No action taken.
C:\Documents and Settings\amc\Cookies\amc@www.etracker[1].txt -> TrackingCookie.Etracker : No action taken.
C:\Documents and Settings\amc\Cookies\amc@as1.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\amc\Cookies\amc@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\amc\Cookies\amc@hit.gemius[1].txt -> TrackingCookie.Gemius : No action taken.
C:\Documents and Settings\amc\Cookies\amc@ehg-autodesk.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\amc\Cookies\amc@ehg-nbif.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\amc\Cookies\amc@ehg-nfusiongroup.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\amc\Cookies\amc@ehg-space.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\amc\Cookies\amc@ehg-telecomitalia.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\amc\Cookies\amc@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\amc\Cookies\amc@counter.hitslink[1].txt -> TrackingCookie.Hitslink : No action taken.
C:\Documents and Settings\amc\Cookies\amc@ivwbox[2].txt -> TrackingCookie.Ivwbox : No action taken.
C:\Documents and Settings\amc\Cookies\amc@search.live[2].txt -> TrackingCookie.Live : No action taken.
C:\Documents and Settings\amc\Cookies\amc@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\amc\Cookies\amc@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
C:\Documents and Settings\amc\Cookies\amc@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : No action taken.
C:\Documents and Settings\amc\Cookies\amc@stat.onestat[1].txt -> TrackingCookie.Onestat : No action taken.
C:\Documents and Settings\amc\Cookies\amc@overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\amc\Cookies\amc@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\amc\Cookies\amc@ads.pointroll[1].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\amc\Cookies\amc@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\amc\Cookies\amc@real[2].txt -> TrackingCookie.Real : No action taken.
C:\Documents and Settings\amc\Cookies\amc@web4.realtracker[1].txt -> TrackingCookie.Realtracker : No action taken.
C:\Documents and Settings\amc\Cookies\amc@revsci[2].txt -> TrackingCookie.Revsci : No action taken.
C:\Documents and Settings\amc\Cookies\amc@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\amc\Cookies\amc@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\amc\Cookies\amc@counter2.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\amc\Cookies\amc@counter6.sextracker[2].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\amc\Cookies\amc@sextracker[1].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\amc\Cookies\amc@site.skype[1].txt -> TrackingCookie.Skype : No action taken.
C:\Documents and Settings\amc\Cookies\amc@skype[1].txt -> TrackingCookie.Skype : No action taken.
C:\Documents and Settings\amc\Cookies\amc@specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\amc\Cookies\amc@spylog[1].txt -> TrackingCookie.Spylog : No action taken.
C:\Documents and Settings\amc\Cookies\amc@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\amc\Cookies\amc@anad.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\amc\Cookies\amc@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\amc\Cookies\amc@toplist[2].txt -> TrackingCookie.Toplist : No action taken.
C:\Documents and Settings\amc\Cookies\amc@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\amc\Cookies\amc@trafic[1].txt -> TrackingCookie.Trafic : No action taken.
C:\Documents and Settings\amc\Cookies\amc@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\amc\Cookies\amc@weborama[2].txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\amc\Cookies\amc@m.webtrends[2].txt -> TrackingCookie.Webtrends : No action taken.
C:\Documents and Settings\amc\Cookies\amc@yadro[1].txt -> TrackingCookie.Yadro : No action taken.
C:\Documents and Settings\amc\Cookies\amc@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004850.exe -> Trojan.Dialer.fl : No action taken.
D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004851.exe -> Trojan.Dialer.fl : No action taken.
D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004852.exe -> Trojan.Dialer.fl : No action taken.
D:\BACKUP PRED REPAIR\Documents and Settings\All Users\Documents\SETUP\Design\@DVD creators\VSO Convert XToDVD 2.1.4.162\convertxtodvd.2.1.x.xxx-patch.exe -> Trojan.Small.q : No action taken.
D:\System Volume Information\_restore{895C1F58-ED2F-4980-A974-37FCDE61BD69}\RP70\A0032605.exe -> Trojan.Small.q : No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MSconfig.exe -> Worm.VB.ck : No action taken.
C:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP48\A0004581.exe -> Worm.VB.ck : No action taken.
C:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004847.exe -> Worm.VB.ck : No action taken.
C:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004848.exe -> Worm.VB.ck : No action taken.
C:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0005846.exe -> Worm.VB.ck : No action taken.
C:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0005847.exe -> Worm.VB.ck : No action taken.
C:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP51\A0005964.exe -> Worm.VB.ck : No action taken.
C:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP51\A0005965.exe -> Worm.VB.ck : No action taken.
C:\WINDOWS\lsass.exe -> Worm.VB.ck : No action taken.
C:\WINDOWS\system\lsass.exe -> Worm.VB.ck : No action taken.
[3456] C:\WINDOWS\lsass.exe -> Worm.VB.ck : No action taken.

::Report end

When I launched rootchk, a message appeared saying: "registry checking is disabled by Your administrator" or something like that.

********************************* ROOTCHK-(29-05-07b)-LOG, by ejvindh
Sat 06/02/2007 15:42:04.79

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-02 15:42:05
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0
Posted 6/2/2007 3:47 PM
#48167
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hello :scool:

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

When you have done this, please boot into Safe Mode (Tap F8 during startup).

Open the extracted folder - C:\SDFix and double-click on RunThis.bat to start the script.

Type Y to begin the script. It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot. When you hit any key, your computer will reboot. Your system will take longer than normal to restart as the fixtool will be running and removing files.

When your desktop loads, the utility will complete the removal and display Finished. Press any key again to end the script and load your desktop icons.

Finally open the SDFix folder on your desktop and copy and paste the contents of Report.txt back in this thread along with a fresh HijackThis log, and tell how things are running.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 6/2/2007 4:22 PM
#48169
GoranGV Member

Date Joined Nov 2016
Total Posts: 5
Hello Touch.

BIG THANKS

The computer is normal now, although one thing was not fixed. Home Page is still set to quicknews.info and the buttons for changing this are frozen.

I can open task manager now, and also I forgot to mention, Folder options were gone, but they are back now.

I will scan my computer now, and I hope there will be no worms, viruses, trojans this time.

REPORT FROM SDFIX

SDFix: Version 1.85

Run by amc - Sat 06/02/2007 - 18:00:49.06

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found

Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Alias\\Maya8.0\\bin\\maya.exe"="C:\\Program Files\\Alias\\Maya8.0\\bin\\maya.exe:*:Enabled:Maya"
"D:\\StubInstaller.exe"="D:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"="C:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe:*:Enabled:Autodesk 3ds Max 8"
"C:\\Program Files\\Autodesk\\backburner\\monitor.exe"="C:\\Program Files\\Autodesk\\backburner\\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\\Program Files\\Autodesk\\backburner\\manager.exe"="C:\\Program Files\\Autodesk\\backburner\\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\\Program Files\\Autodesk\\backburner\\server.exe"="C:\\Program Files\\Autodesk\\backburner\\server.exe:*:Enabled:backburner 2.3 server"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

Checking For Files with Hidden Attributes:

C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll
C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe

Finished

REPORT FROM HIJACKTHIS

Logfile of HijackThis v1.99.1
Scan saved at 6:12:19 PM, on 6/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Office Multimedia Keyboard & Mouse Driver\MouseDrv.exe
C:\Program Files\Office Multimedia Keyboard & Mouse Driver\PS2USBKbdDrv.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Documents and Settings\amc\Desktop\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quicknews.info/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - 
{AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll <br/>O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll <br/>O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll <br/>O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll <br/>O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll <br/>O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll <br/>O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe <br/>O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray <br/>O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup <br/>O4 - HKLM\..\Run: [nwiz] nwiz.exe /install <br/>O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit <br/>O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe <br/>O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Office Multimedia Keyboard & Mouse Driver\MouseDrv.exe <br/>O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Office Multimedia Keyboard & Mouse Driver\PS2USBKbdDrv.exe <br/>O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" <br/>O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 <br/>O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun <br/>O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe <br/>O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe <br/>O4 - HKLM\..\Run: 
[AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" <br/>O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized <br/>O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe <br/>O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" <br/>O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe <br/>O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background <br/>O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized <br/>O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? <br/>O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe <br/>O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe <br/>O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present <br/>O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm <br/>O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx <br/>O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html <br/>O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html <br/>O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html <br/>O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html <br/>O8 - Extra context menu item: Convert selection to Adobe PDF - 
res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html <br/>O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html <br/>O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html <br/>O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html <br/>O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 <br/>O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?6bdecfecbc2444eb92a849d24140bb7a <br/>O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?6bdecfecbc2444eb92a849d24140bb7a <br/>O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll <br/>O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL <br/>O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL <br/>O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL <br/>O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL <br/>O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL <br/>O20 
- Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll <br/>O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ <br/>O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe <br/>O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe <br/>O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe <br/>O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe <br/>O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) <br/>O23 - Service: FLEXlm License Manager - Macrovision Corporation - C:\Program Files\Common Files\Alias Shared\Licensing\etc\lmgrd.exe <br/>O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe <br/>O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe <br/>O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe <br/>O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe <br/>O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe <br/> <br/>If You see something weird please let me know what to do. <br/> <br/>Again. T H A N K S A L O O O O T
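The two symptoms reported in the post above (start page stuck on quicknews.info, the buttons for changing it frozen) correspond to the R0 and O6 lines of the HijackThis log. As an added example, not part of the original post and not HijackThis's own code, this Python script parses a few lines copied from that log and lists the entries a reviewer would look at first; the allowlist of expected start pages is an assumption.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quicknews.info/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
"""

# A log entry is a section code (R0, O2, O23, ...) followed by " - " and free text.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Assumption: start pages the machine's owner actually chose.
EXPECTED_START_PAGES = {"about:blank"}


def parse(log):
    """Yield (section, detail) for each entry line; header and blank lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log):
    """Return (section, reason) pairs for entries that deserve review, not a verdict."""
    findings = []
    for section, detail in parse(log):
        if section in ("R0", "R1") and "Start Page" in detail:
            url = detail.partition("=")[2].strip()
            if url not in EXPECTED_START_PAGES:
                findings.append((section, "start page set to " + url))
        elif section == "O6":
            # O6 means Internet Options are restricted through a Policies key.
            findings.append((section, "IE options locked by a policy key"))
        elif detail.endswith("(no file)") or detail.endswith("(file missing)"):
            findings.append((section, "entry points at a missing file"))
    return findings


if __name__ == "__main__":
    for section, reason in triage(SAMPLE_LOG):
        print(section, "-", reason)
```

A "(file missing)" flag only means the path could not be resolved as written; in the Kaspersky service line the stray quote and `-r` argument are part of the logged path, so such hits need a manual check before anything is removed.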
Posted 6/3/2007 9:50 AM
#48205

GoranGV Member

Date Joined Nov 2016
Total Posts: 5
Yes. It's all fixed now :hop:

THANK YOU VERY VERY MUCH.
Posted 6/3/2007 3:54 PM
#48232

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
No problem :smilewinkgrin:

You may want to read TonyKlein's article about how to prevent against spyware/hijackers in the future

http://www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html

Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please PM a Moderator and we will reopen it for you.

Do not PM me with logfiles. They will be deleted.