HELP me about worm.Win32.VB.ck - Free Antivirus Forum

Free Antivirus Forum - Learn about antivirus, firewalls and personal security

HELP me about worm.Win32.VB.ck

BullGuard Antivirus Forum > Virus Removal > Removal Help > HELP me about worm.Win32.VB.ck

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

GoranGV
New Member

Date Joined Jun 2007
Total Posts : 5

Posted 6/2/2007 1:47 PM (GMT +3)

Hello. I saw on the forum what amazing things You did for other people, so I hope You can help me.

I don't know anything about viruses, worms, trojans etc. My idea was that if you have antivirus program you don't have to worry about anything. And now I' stuck with worms and infected files that I can't desinfect, and I'm afraid to delete them. Please help me about my problem. The diagnostics after scaning my computer are:

detected: virus Worm.Win32.VB.ck        File: C:\WINDOWS\LSASS.EXE//PE_Patch.UPX//UPX
detected: virus Worm.Win32.VB.ck        Running module: lsass.exe\lsass.exe
detected: virus Worm.Win32.VB.ck        File: c:\windows\system\lsass.exe//PE_Patch.UPX//UPX
detected: virus Worm.Win32.VB.ck        File: C:\Documents and Settings\All Users\Start   Menu\Programs\Startup\MSconfig.exe//PE_Patch.UPX//UPX
detected: virus Worm.Win32.VB.ck File: C:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP48\A0004581.exe//PE_Patch.UPX//UPX
detected: virus Worm.Win32.VB.ck File: C:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004847.exe//PE_Patch.UPX//UPX
detected: virus Worm.Win32.VB.ck File: C:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004848.exe//PE_Patch.UPX//UPX
detected: virus Worm.Win32.VB.ck File: C:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0005846.exe//PE_Patch.UPX//UPX
detected: virus Worm.Win32.VB.ck File: C:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0005847.exe//PE_Patch.UPX//UPX
detected: virus Worm.Win32.VB.ck File: C:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP51\A0005964.exe//PE_Patch.UPX//UPX
detected: virus Worm.Win32.VB.ck File: C:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP51\A0005965.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan.Win32.Dialer.fl File: D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004850.exe//UPX
detected: Trojan program Trojan.Win32.Dialer.fl File: D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004851.exe//UPX
detected: Trojan program Trojan.Win32.Dialer.fl File: D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004852.exe//UPX
detected: Trojan program Trojan.Win32.StartPage.rr File: D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004853.exe//data0004//stream//data0004
detected: adware not-a-virus:AdWare.Win32.BrilliantDigital.3039 File: D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004854.dll
detected: adware not-a-virus:AdWare.Win32.BrilliantDigital.c File: D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004855.dll
detected: adware not-a-virus:AdWare.Win32.Altnet.a File: D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004856.dll
detected: adware not-a-virus:AdWare.Win32.BrilliantDigital.3039 File: D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004857.EXE/BDEDOW~1.DLL
detected: adware not-a-virus:AdWare.Win32.BrilliantDigital.c File: D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004857.EXE/BDEFdi.dll
detected: adware not-a-virus:AdWare.Win32.SaveNow.av File: D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004858.exe//data0013/SaveNow.exe
detected: adware not-a-virus:AdWare.Win32.SaveNow.au File: D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004858.exe//data0013/Uninst.exe
detected: adware not-a-virus:AdWare.Win32.BrilliantDigital.3039 File: D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0005848.dll
detected: adware not-a-virus:AdWare.Win32.BrilliantDigital.c File: D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0005849.dll
detected: adware not-a-virus:AdWare.Win32.Altnet.a File: D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0005850.dll
detected: adware not-a-virus:AdWare.Win32.BrilliantDigital.c File: D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0005851.EXE
not found: virus Worm.Win32.VB.ck File: C:\WINDOWS\Temp\PR3.tmp//UPX
not found: virus Worm.Win32.VB.ck File: C:\WINDOWS\Temp\PR4.tmp
not found: virus Worm.Win32.VB.ck File: C:\WINDOWS\Temp\PR50.tmp//UPX
not found: virus Worm.Win32.VB.ck File: C:\WINDOWS\Temp\PR51.tmp
not found: virus Worm.Win32.VB.ck File: C:\WINDOWS\Temp\PR7.tmp//UPX
not found: virus Worm.Win32.VB.ck File: C:\WINDOWS\Temp\PR8.tmp

Also if I click CTRL+ALT+DELETE this message is displayed: TASK MANAGER HAS BEEN DESABLED BY YOUR ADMINISTRATOR

Ofcourse, here is the logfile of HIJACK THIS

Logfile of HijackThis v1.99.1
Scan saved at 12:34:19 PM, on 6/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Office Multimedia Keyboard & Mouse Driver\MouseDrv.exe
C:\Program Files\Office Multimedia Keyboard & Mouse Driver\PS2USBKbdDrv.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\lsass.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\amc\Desktop\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quicknews.info/
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system\lsass.exe
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\lsass.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Office Multimedia Keyboard & Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Office Multimedia Keyboard & Mouse Driver\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: MSconfig.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?6bdecfecbc2444eb92a849d24140bb7a
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?6bdecfecbc2444eb92a849d24140bb7a
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: FLEXlm License Manager - Macrovision Corporation - C:\Program Files\Common Files\Alias Shared\Licensing\etc\lmgrd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

THANK YOU IN ADVANCE.

GoranGV
New Member

Date Joined Jun 2007
Total Posts : 5

Posted 6/2/2007 2:37 PM (GMT +3)

I also noticed that my home page is changed to: http://quicknews.info/ and I can't change it.

GoranGV
New Member

Date Joined Jun 2007
Total Posts : 5

Posted 6/2/2007 4:46 PM (GMT +3)

This is scan report from AVG

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:41:20 PM 6/2/2007

+ Scan result:

D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004854.dll -> Adware.BrilliantDigital : No action taken.
D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004855.dll -> Adware.BrilliantDigital : No action taken.
D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0005848.dll -> Adware.BrilliantDigital : No action taken.
D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0005849.dll -> Adware.BrilliantDigital : No action taken.
D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP51\A0005966.dll -> Adware.BrilliantDigital : No action taken.
D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP51\A0005967.dll -> Adware.BrilliantDigital : No action taken.
C:\Documents and Settings\amc\Cookies\amc@122.2o7.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\amc\Cookies\amc@2o7.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\amc\Cookies\amc@maxis.112.2o7.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\amc\Cookies\amc@msnaccountservices.112.2o7.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\amc\Cookies\amc@msnportal.112.2o7.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\amc\Cookies\amc@ads.addynamix.txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\amc\Cookies\amc@adrevolver.txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\amc\Cookies\amc@adtech.txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\amc\Cookies\amc@advertising.txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\amc\Cookies\amc@atdmt.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\amc\Cookies\amc@burstnet.txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\amc\Cookies\amc@www.burstnet.txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\amc\Cookies\amc@as.casalemedia.txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\amc\Cookies\amc@casalemedia.txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\amc\Cookies\amc@clickbank.txt -> TrackingCookie.Clickbank : No action taken.
C:\Documents and Settings\amc\Cookies\amc@com.txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\amc\Cookies\amc@connextra.txt -> TrackingCookie.Connextra : No action taken.
C:\Documents and Settings\amc\Cookies\amc@doubleclick.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\amc\Cookies\amc@estat.txt -> TrackingCookie.Estat : No action taken.
C:\Documents and Settings\amc\Cookies\amc@www.etracker.txt -> TrackingCookie.Etracker : No action taken.
C:\Documents and Settings\amc\Cookies\amc@as1.falkag.txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\amc\Cookies\amc@fastclick.txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\amc\Cookies\amc@hit.gemius.txt -> TrackingCookie.Gemius : No action taken.
C:\Documents and Settings\amc\Cookies\amc@ehg-autodesk.hitbox.txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\amc\Cookies\amc@ehg-nbif.hitbox.txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\amc\Cookies\amc@ehg-nfusiongroup.hitbox.txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\amc\Cookies\amc@ehg-space.hitbox.txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\amc\Cookies\amc@ehg-telecomitalia.hitbox.txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\amc\Cookies\amc@hitbox.txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\amc\Cookies\amc@counter.hitslink.txt -> TrackingCookie.Hitslink : No action taken.
C:\Documents and Settings\amc\Cookies\amc@ivwbox.txt -> TrackingCookie.Ivwbox : No action taken.
C:\Documents and Settings\amc\Cookies\amc@search.live.txt -> TrackingCookie.Live : No action taken.
C:\Documents and Settings\amc\Cookies\amc@mediaplex.txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\amc\Cookies\amc@www.myaffiliateprogram.txt -> TrackingCookie.Myaffiliateprogram : No action taken.
C:\Documents and Settings\amc\Cookies\amc@ssl-hints.netflame.txt -> TrackingCookie.Netflame : No action taken.
C:\Documents and Settings\amc\Cookies\amc@stat.onestat.txt -> TrackingCookie.Onestat : No action taken.
C:\Documents and Settings\amc\Cookies\amc@overture.txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\amc\Cookies\amc@perf.overture.txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\amc\Cookies\amc@ads.pointroll.txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\amc\Cookies\amc@questionmarket.txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\amc\Cookies\amc@real.txt -> TrackingCookie.Real : No action taken.
C:\Documents and Settings\amc\Cookies\amc@web4.realtracker.txt -> TrackingCookie.Realtracker : No action taken.
C:\Documents and Settings\amc\Cookies\amc@revsci.txt -> TrackingCookie.Revsci : No action taken.
C:\Documents and Settings\amc\Cookies\amc@bs.serving-sys.txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\amc\Cookies\amc@serving-sys.txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\amc\Cookies\amc@counter2.sextracker.txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\amc\Cookies\amc@counter6.sextracker.txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\amc\Cookies\amc@sextracker.txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\amc\Cookies\amc@site.skype.txt -> TrackingCookie.Skype : No action taken.
C:\Documents and Settings\amc\Cookies\amc@skype.txt -> TrackingCookie.Skype : No action taken.
C:\Documents and Settings\amc\Cookies\amc@specificclick.txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\amc\Cookies\amc@spylog.txt -> TrackingCookie.Spylog : No action taken.
C:\Documents and Settings\amc\Cookies\amc@statcounter.txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\amc\Cookies\amc@anad.tacoda.txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\amc\Cookies\amc@tacoda.txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\amc\Cookies\amc@toplist.txt -> TrackingCookie.Toplist : No action taken.
C:\Documents and Settings\amc\Cookies\amc@tradedoubler.txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\amc\Cookies\amc@trafic.txt -> TrackingCookie.Trafic : No action taken.
C:\Documents and Settings\amc\Cookies\amc@tribalfusion.txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\amc\Cookies\amc@weborama.txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\amc\Cookies\amc@m.webtrends.txt -> TrackingCookie.Webtrends : No action taken.
C:\Documents and Settings\amc\Cookies\amc@yadro.txt -> TrackingCookie.Yadro : No action taken.
C:\Documents and Settings\amc\Cookies\amc@ad.yieldmanager.txt -> TrackingCookie.Yieldmanager : No action taken.
D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004850.exe -> Trojan.Dialer.fl : No action taken.
D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004851.exe -> Trojan.Dialer.fl : No action taken.
D:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004852.exe -> Trojan.Dialer.fl : No action taken.
D:\BACKUP PRED REPAIR\Documents and Settings\All Users\Documents\SETUP\Design\@DVD creators\VSO Convert XToDVD 2.1.4.162\convertxtodvd.2.1.x.xxx-patch.exe -> Trojan.Small.q : No action taken.
D:\System Volume Information\_restore{895C1F58-ED2F-4980-A974-37FCDE61BD69}\RP70\A0032605.exe -> Trojan.Small.q : No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MSconfig.exe -> Worm.VB.ck : No action taken.
C:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP48\A0004581.exe -> Worm.VB.ck : No action taken.
C:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004847.exe -> Worm.VB.ck : No action taken.
C:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0004848.exe -> Worm.VB.ck : No action taken.
C:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0005846.exe -> Worm.VB.ck : No action taken.
C:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP49\A0005847.exe -> Worm.VB.ck : No action taken.
C:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP51\A0005964.exe -> Worm.VB.ck : No action taken.
C:\System Volume Information\_restore{7440A01D-201A-4859-B8B8-FCC58A4A55DA}\RP51\A0005965.exe -> Worm.VB.ck : No action taken.
C:\WINDOWS\lsass.exe -> Worm.VB.ck : No action taken.
C:\WINDOWS\system\lsass.exe -> Worm.VB.ck : No action taken.
[3456] C:\WINDOWS\lsass.exe -> Worm.VB.ck : No action taken.

::Report end

When I lounched rootchg, message appeared saying: "registry checking is disabled by Your administrator" or something like that.

********************************* ROOTCHK-(29-05-07b)-LOG, by ejvindh
Sat 06/02/2007 15:42:04.79

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-02 15:42:05
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 12862

Posted 6/2/2007 6:47 PM (GMT +3)

Hello

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
and save it to your desktop.

When you have done this, please boot into Safe Mode (Tap F8 during startup).

Open the extracted folder - C:\ SDFix and doubleclick on RunThis.bat to start the script.

Type Y to begin the script. It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot. When you hit any key, your computer will reboot. Your system will take longer that normal to restart as the fixtool will be running and removing files.

When your desktop loads, the utility will complete the removal and display Finished. Press any key again to end the script and load your desktop icons.

Finally open the SDFix folder on your desktop and copy and paste the contents of Report.txt back in this thread along with fresh hijackthis log, and tell how things are running

Do NOT post your problem in someone elses thread.

Start a new topic so that it may receive proper attention.

Member of - Alliance of Security Analysis Professionals

GoranGV
New Member

Date Joined Jun 2007
Total Posts : 5

Posted 6/2/2007 7:22 PM (GMT +3)

Hello Touch.

BIG THANKS

The computer is normal now, although one thing was not fixed. Home Page is still set to quicknews.info and the buttons for changin this are frozen.

I can open task manager now, and also I forgot to mention, Folder options were gone, but they are back now.

I will scan my computer now, and I hope there will be no worms, viruses, trojans this time.

REPORT FROM SDFIX

SDFix: Version 1.85

Run by amc - Sat 06/02/2007 - 18:00:49.06

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found

Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Alias\\Maya8.0\\bin\\maya.exe"="C:\\Program Files\\Alias\\Maya8.0\\bin\\maya.exe:*:Enabled:Maya"
"D:\\StubInstaller.exe"="D:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"="C:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe:*:Enabled:Autodesk 3ds Max 8"
"C:\\Program Files\\Autodesk\\backburner\\monitor.exe"="C:\\Program Files\\Autodesk\\backburner\\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\\Program Files\\Autodesk\\backburner\\manager.exe"="C:\\Program Files\\Autodesk\\backburner\\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\\Program Files\\Autodesk\\backburner\\server.exe"="C:\\Program Files\\Autodesk\\backburner\\server.exe:*:Enabled:backburner 2.3 server"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

Checking For Files with Hidden Attributes:

C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll
C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe

Finished

REPORT FROM HIJACKTHIS

Logfile of HijackThis v1.99.1
Scan saved at 6:12:19 PM, on 6/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Office Multimedia Keyboard & Mouse Driver\MouseDrv.exe
C:\Program Files\Office Multimedia Keyboard & Mouse Driver\PS2USBKbdDrv.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Documents and Settings\amc\Desktop\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quicknews.info/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Office Multimedia Keyboard & Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Office Multimedia Keyboard & Mouse Driver\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?6bdecfecbc2444eb92a849d24140bb7a
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?6bdecfecbc2444eb92a849d24140bb7a
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: FLEXlm License Manager - Macrovision Corporation - C:\Program Files\Common Files\Alias Shared\Licensing\etc\lmgrd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

If You see something weird please let me know what to do.

Again. T H A N K S A L O O O O T

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 12862

Posted 6/3/2007 9:48 AM (GMT +3)

That´s good news smilewinkgrin

Download nosethomepage.vbs and save this file to your hard drive. Navigate to where you saved it and double click the file. The VB Script file will check for the appropriate value and if not found will create it. You will be notified whether the option is enabled or disabled. This script can be viewed in Notepad or any text editor, as to the specific Registry key and value that are updated.

Your antivirus software may report this script as potentially malicious, or a possible virus. This is because the script writes to the System Registry.

See if You change homepage now ?

Do NOT post your problem in someone elses thread.

Start a new topic so that it may receive proper attention.

Member of - Alliance of Security Analysis Professionals

GoranGV
New Member

Date Joined Jun 2007
Total Posts : 5

Posted 6/3/2007 12:50 PM (GMT +3)

Yes. It's all fixed now hop

THANK YOU VERY VERY MUCH.

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 12862

Posted 6/3/2007 6:54 PM (GMT +3)

No problem smilewinkgrin

You may want to read TonyKlein´s article about how to prevent against spyware/hijackers in the future

http://www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html

Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please PM a Moderator and we will reopen it for you

Do NOT post your problem in someone elses thread.

Start a new topic so that it may receive proper attention.

Member of - Alliance of Security Analysis Professionals

Forum Information

Currently it is Saturday, May 25, 2013 3:55 PM (GMT +3)
There are a total of 59,542 posts in 13,143 threads.
In the last 3 days there were 3 new threads and 20 reply posts. View Active Threads