
Solved Lost administrator rights

Discussion in 'Malware and Virus Removal Archive' started by DoctorWu, 2007/08/18.

  1. 2007/08/18
    DoctorWu

    DoctorWu Inactive Thread Starter

    Joined:
    2007/08/18
    Messages:
    7
    Likes Received:
    0
    [Resolved] Lost administrator rights

    I've got some malware that has taken over my admin rights. My control panel is missing from the start menu, I can't set time and date and I have a lot of other restrictions.
    I can log on as admin in safe mode but still can't access control panel or do other settings.

    What registry keys are corrupt? Or is there something else?

    This is my Hijackthis log:

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\Program\Eset\nod32kui.exe
    C:\Program\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program\Creative\Shared Files\Media Sniffer\MtdAcq.exe
    C:\Program\Creative\SB Wireless Music\Media Server\SBWMsvr.exe
    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\mqsvc.exe
    C:\WINDOWS\System32\mqtgsvc.exe
    C:\Program\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program\Internet Explorer\iexplore.exe
    C:\Program\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MtdAcq] C:\Program\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
    O4 - HKCU\..\Run: [SB Wireless Music] C:\Program\Creative\SB Wireless Music\Media Server\SBWMsvr.exe startup
    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123585726625
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
     
  2. 2007/08/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS DoctorWu :)

    Let's see if another tool will reveal anything.

    Note: You must be logged onto an account with administrator privileges to complete the following.

    Download Deckard's System Scanner (dss.exe) to your desktop.
    Close all applications and windows.
    Double-click on dss.exe to run it and follow the prompts.
    When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

    Post the contents of main.txt only for now.
     


  4. 2007/08/19
    DoctorWu

    DoctorWu Inactive Thread Starter

    Thanks Dave, I feel welcome already (even if this is a forum I don't want to be a regular in ;) )

    I found out that I had an old version of HijackThis, so I downloaded the newest version and this is the log:

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\mqsvc.exe
    C:\WINDOWS\System32\mqtgsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\Program\Eset\nod32kui.exe
    C:\Program\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program\Creative\Shared Files\Media Sniffer\MtdAcq.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program\iPod\bin\iPodService.exe
    C:\Program\Trend Micro\HijackThis\HijackThis.exe

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MtdAcq] C:\Program\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
    O4 - HKCU\..\Run: [SB Wireless Music] C:\Program\Creative\SB Wireless Music\Media Server\SBWMsvr.exe startup
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123585726625
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: OpenGL additional - {8A5849C4-93F3-429D-FF34-660A2068897C} - (no file)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: ieupdater (Microsoft IE Updater) - Steinberg - (no file)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 5438 bytes


    And this is the DSS Main log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:34:15, on 2007-08-19
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\mqsvc.exe
    C:\WINDOWS\System32\mqtgsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\Program\Eset\nod32kui.exe
    C:\Program\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program\Creative\Shared Files\Media Sniffer\MtdAcq.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program\iPod\bin\iPodService.exe
    C:\Program\Trend Micro\HijackThis\HijackThis.exe

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MtdAcq] C:\Program\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
    O4 - HKCU\..\Run: [SB Wireless Music] C:\Program\Creative\SB Wireless Music\Media Server\SBWMsvr.exe startup
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.searchmeup.cc (HKLM)
    O15 - Trusted IP range: 195.190.118.157 (HKLM)
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123585726625
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: origami - C:\WINDOWS\system32\hlolink.dll (file missing)
    O22 - SharedTaskScheduler: OpenGL additional - {8A5849C4-93F3-429D-FF34-660A2068897C} - (no file)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: ieupdater (Microsoft IE Updater) - Steinberg - (no file)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 5787 bytes

    -- Files created between 2007-07-19 and 2007-08-19 -----------------------------

    2007-08-19 18:28:45 0 d-------- C:\Program\Trend Micro
    2007-08-18 23:57:58 0 d-------- C:\!KillBox
    2007-08-17 02:24:55 0 dr------- C:\Documents and Settings\Administratör\Start-meny
    2007-08-17 02:24:55 0 d-------- C:\Documents and Settings\Administratör\Skrivbord
    2007-08-17 02:24:55 0 d--h----- C:\Documents and Settings\Administratör\Skrivare
    2007-08-17 02:24:55 0 dr-h----- C:\Documents and Settings\Administratör\SendTo
    2007-08-17 02:24:55 0 d--h----- C:\Documents and Settings\Administratör\Recent
    2007-08-17 02:24:55 0 d--h----- C:\Documents and Settings\Administratör\Nätverket
    2007-08-17 02:24:55 1572864 --ah----- C:\Documents and Settings\Administratör\NTUSER.DAT
    2007-08-17 02:24:55 0 d-------- C:\Documents and Settings\Administratör\Mina dokument
    2007-08-17 02:24:55 0 d--h----- C:\Documents and Settings\Administratör\Mallar
    2007-08-17 02:24:55 0 d--h----- C:\Documents and Settings\Administratör\Lokala inställningar
    2007-08-17 02:24:55 0 d-------- C:\Documents and Settings\Administratör\Favoriter
    2007-08-17 02:24:55 0 d---s---- C:\Documents and Settings\Administratör\Cookies
    2007-08-17 02:24:55 0 dr-h----- C:\Documents and Settings\Administratör\Application Data
    2007-08-17 02:24:55 0 d---s---- C:\Documents and Settings\Administratör\Application Data\Microsoft
    2007-08-17 02:24:55 0 d-------- C:\Documents and Settings\Administratör\Application Data\Creative
    2007-08-17 00:37:47 0 d-------- C:\WINDOWS\Prefetch
    2007-08-16 23:20:55 0 dr-h----- C:\Documents and Settings\Peter Olsson\Recent
    2007-08-16 23:13:58 2182 --a------ C:\WINDOWS\system32\tmp.reg
    2007-08-16 03:13:12 37607 --a------ C:\WINDOWS\mssadv.dll <Not Verified; home; Microsoft Security Adviser>
    2007-08-16 03:13:11 4059 --a------ C:\WINDOWS\msscan.dll
    2007-08-16 03:13:11 4059 --a------ C:\WINDOWS\msiemon.dll
    2007-08-16 03:13:11 4059 --a------ C:\WINDOWS\msfw.dll
    2007-08-16 03:13:11 4059 --a------ C:\WINDOWS\msctrl.dll
    2007-08-16 03:13:11 4059 --a------ C:\WINDOWS\msavsc.dll
    2007-08-16 03:13:10 0 d-------- C:\Program\Microsoft Security Adviser
    2007-08-16 03:13:09 11776 --a------ C:\svchost2.exe <Not Verified; ; Project1>
    2007-08-16 03:13:09 11776 --a------ C:\svchost.exe <Not Verified; ; Project1>
    2007-08-16 03:09:15 37376 --a------ C:\WINDOWS\system32\vtr420.dll <Not Verified; ; IEHelper Module>
    2007-08-16 02:41:13 16771 --a------ C:\WINDOWS\system32\KB08029373.exe
    2007-08-16 02:41:00 16771 --a------ C:\WINDOWS\system32\KB68731342.exe
    2007-08-16 02:40:58 13697 --a------ C:\WINDOWS\system32\KB_963491.exe
    2007-07-27 13:10:42 0 d-------- C:\Program\EA Games
    2007-07-21 21:15:20 0 d-------- C:\Program\iPod
    2007-07-21 21:15:15 0 d-------- C:\Program\iTunes
    2007-07-21 21:14:05 0 d-------- C:\Program\QuickTime
    2007-07-21 21:12:50 0 d-------- C:\Program\Delade filer\Apple
    2007-07-21 21:12:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple


    -- Find3M Report ---------------------------------------------------------------

    2007-08-17 00:48:40 8704 --ahs---- C:\Program\Thumbs.db
    2007-08-17 00:44:27 432320 --a------ C:\WINDOWS\system32\perfh01D.dat
    2007-08-17 00:44:27 79216 --a------ C:\WINDOWS\system32\perfc01D.dat
    2007-08-17 00:31:53 0 d-------- C:\Program\MSN Gaming Zone
    2007-08-17 00:27:59 27444 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2007-08-16 02:35:20 0 d-------- C:\Program\SpywareBlaster
    2007-08-04 20:45:30 0 d-------- C:\Documents and Settings\Peter Olsson\Application Data\teamspeak2
    2007-07-30 15:21:40 0 d-------- C:\Program\DivX
    2007-07-27 13:41:34 0 d-------- C:\Program\DC++
    2007-07-27 13:12:02 2188 --a------ C:\WINDOWS\eReg.dat
    2007-07-27 13:10:42 0 d--h----- C:\Program\InstallShield Installation Information
    2007-07-21 21:13:14 0 d-------- C:\Program\Apple Software Update
    2007-07-21 21:12:50 0 d-------- C:\Program\Delade filer
    2007-07-09 21:07:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-07-09 21:05:58 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2007-07-09 21:05:58 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2007-07-09 21:05:54 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2007-07-09 21:05:54 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2007-07-09 21:05:54 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2007-07-09 21:05:54 740442 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2007-07-09 21:05:28 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-07-03 23:46:21 0 d-------- C:\Program\Betsson Poker
    2007-07-03 23:05:59 0 d-------- C:\Program\PKR
    2007-05-28 22:48:45 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
    2007-05-28 22:48:44 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTHelper "= "CTHELPER.EXE" [2005-12-08 12:06 C:\WINDOWS\CTHELPER.EXE]
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "nod32kui "= "C:\Program\Eset\nod32kui.exe" [2007-03-10 01:54]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]
    "nwiz "= "nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
    "REGSHAVE "= "C:\Program\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32]
    "QuickTime Task "= "C:\Program\QuickTime\qttask.exe" [2007-06-29 06:24]
    "iTunesHelper "= "C:\Program\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22]
    "MsmqIntCert "= "regsvr32 /s mqrt.dll" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:34]
    "MtdAcq "= "C:\Program\Creative\Shared Files\Media Sniffer\MtdAcq.exe" [2004-07-02 11:26]
    "SB Wireless Music "= "C:\Program\Creative\SB Wireless Music\Media Server\SBWMsvr.exe" [2004-02-20 02:20]
    "Steam "=" " []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "SetDefaultMIDI "=MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'
    "tscuninstall "=%systemroot%\system32\tscupgrd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableCAD "=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoControlPanel "=1 (0x1)


    Regards

    /Wu
     
  5. 2007/08/19
    noahdfear

    noahdfear Inactive

    Please download SmitfraudFix by S!Ri, saving the file to your desktop. Follow the directions on that page to run option 2 in safe mode. When done, boot back into normal mode and create a new HijackThis log. Post the new HijackThis log and the SmitfraudFix log, C:\rapport.txt
     
  6. 2007/08/19
    DoctorWu

    DoctorWu Inactive Thread Starter

    Ok, done. I didn't seem to get the wininet.dll check though....

    Hijackthis log:

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\mqsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\Program\Eset\nod32kui.exe
    C:\Program\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program\Creative\Shared Files\Media Sniffer\MtdAcq.exe
    C:\Program\Creative\SB Wireless Music\Media Server\SBWMsvr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\mqtgsvc.exe
    C:\Program\iPod\bin\iPodService.exe
    C:\Program\Trend Micro\HijackThis\HijackThis.exe

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MtdAcq] C:\Program\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
    O4 - HKCU\..\Run: [SB Wireless Music] C:\Program\Creative\SB Wireless Music\Media Server\SBWMsvr.exe startup
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123585726625
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: OpenGL additional - {8A5849C4-93F3-429D-FF34-660A2068897C} - (no file)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: ieupdater (Microsoft IE Updater) - Steinberg - (no file)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 5502 bytes



    Rapport.txt:

    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{8A5849C4-93F3-429D-FF34-660A2068897C} "= "OpenGL additional "


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{362DE92B-57C2-490B-918A-2CA5C8A81FC0}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{9D4D8C38-53F4-43AD-85EF-0A8184959096}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{362DE92B-57C2-490B-918A-2CA5C8A81FC0}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{9D4D8C38-53F4-43AD-85EF-0A8184959096}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{362DE92B-57C2-490B-918A-2CA5C8A81FC0}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{9D4D8C38-53F4-43AD-85EF-0A8184959096}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System "=" "


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{8A5849C4-93F3-429D-FF34-660A2068897C} "= "OpenGL additional "



    »»»»»»»»»»»»»»»»»»»»»»»» End


    Regards,

    /Wu
     
  7. 2007/08/19
    noahdfear

    Scan again with HijackThis, place a check next to the following entry, close all other windows and click Fix Checked.

    O22 - SharedTaskScheduler: OpenGL additional - {8A5849C4-93F3-429D-FF34-660A2068897C} - (no file)

    Do you knowingly use Microsoft Message Queuing?

    Did you ever set up the computer to run as a terminal server? Are your Start Menu items all accessible, particularly the items in the Pin to Start Menu area and shortcuts under the All Programs>Accessories folder?

    Are you able to access the Control Panel now?

    Do another scan with dss.exe and post the main.txt log, along with a new HijackThis log.
     
  8. 2007/08/20
    DoctorWu

    New Hijackthis log:

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\Program\Eset\nod32kui.exe
    C:\Program\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program\Creative\Shared Files\Media Sniffer\MtdAcq.exe
    C:\Program\Creative\SB Wireless Music\Media Server\SBWMsvr.exe
    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\mqsvc.exe
    C:\WINDOWS\System32\mqtgsvc.exe
    C:\Program\iPod\bin\iPodService.exe
    C:\Program\Trend Micro\HijackThis\HijackThis.exe

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MtdAcq] C:\Program\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
    O4 - HKCU\..\Run: [SB Wireless Music] C:\Program\Creative\SB Wireless Music\Media Server\SBWMsvr.exe startup
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123585726625
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: ieupdater (Microsoft IE Updater) - Steinberg - (no file)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 5403 bytes



    New Main.txt:

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\Program\Eset\nod32kui.exe
    C:\Program\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program\Creative\Shared Files\Media Sniffer\MtdAcq.exe
    C:\Program\Creative\SB Wireless Music\Media Server\SBWMsvr.exe
    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\mqsvc.exe
    C:\WINDOWS\System32\mqtgsvc.exe
    C:\Program\iPod\bin\iPodService.exe
    C:\Program\Trend Micro\HijackThis\HijackThis.exe

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MtdAcq] C:\Program\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
    O4 - HKCU\..\Run: [SB Wireless Music] C:\Program\Creative\SB Wireless Music\Media Server\SBWMsvr.exe startup
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123585726625
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: ieupdater (Microsoft IE Updater) - Steinberg - (no file)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 5403 bytes

    -- Files created between 2007-07-20 and 2007-08-20 -----------------------------

    2007-08-19 18:28:45 0 d-------- C:\Program\Trend Micro
    2007-08-18 23:57:58 0 d-------- C:\!KillBox
    2007-08-17 02:24:55 0 dr------- C:\Documents and Settings\Administratör\Start-meny
    2007-08-17 02:24:55 0 d-------- C:\Documents and Settings\Administratör\Skrivbord
    2007-08-17 02:24:55 0 d--h----- C:\Documents and Settings\Administratör\Skrivare
    2007-08-17 02:24:55 0 dr-h----- C:\Documents and Settings\Administratör\SendTo
    2007-08-17 02:24:55 0 d--h----- C:\Documents and Settings\Administratör\Recent
    2007-08-17 02:24:55 0 d--h----- C:\Documents and Settings\Administratör\Nätverket
    2007-08-17 02:24:55 1572864 --ah----- C:\Documents and Settings\Administratör\NTUSER.DAT
    2007-08-17 02:24:55 0 d-------- C:\Documents and Settings\Administratör\Mina dokument
    2007-08-17 02:24:55 0 d--h----- C:\Documents and Settings\Administratör\Mallar
    2007-08-17 02:24:55 0 d--h----- C:\Documents and Settings\Administratör\Lokala inställningar
    2007-08-17 02:24:55 0 d-------- C:\Documents and Settings\Administratör\Favoriter
    2007-08-17 02:24:55 0 d---s---- C:\Documents and Settings\Administratör\Cookies
    2007-08-17 02:24:55 0 dr-h----- C:\Documents and Settings\Administratör\Application Data
    2007-08-17 02:24:55 0 d---s---- C:\Documents and Settings\Administratör\Application Data\Microsoft
    2007-08-17 02:24:55 0 d-------- C:\Documents and Settings\Administratör\Application Data\Creative
    2007-08-17 00:37:47 0 d-------- C:\WINDOWS\Prefetch
    2007-08-16 23:20:55 0 dr-h----- C:\Documents and Settings\Peter Olsson\Recent
    2007-08-16 23:13:58 2210 --a------ C:\WINDOWS\system32\tmp.reg
    2007-08-16 03:13:12 37607 --a------ C:\WINDOWS\mssadv.dll <Not Verified; home; Microsoft Security Adviser>
    2007-08-16 03:13:11 4059 --a------ C:\WINDOWS\msscan.dll
    2007-08-16 03:13:11 4059 --a------ C:\WINDOWS\msiemon.dll
    2007-08-16 03:13:11 4059 --a------ C:\WINDOWS\msfw.dll
    2007-08-16 03:13:11 4059 --a------ C:\WINDOWS\msctrl.dll
    2007-08-16 03:13:11 4059 --a------ C:\WINDOWS\msavsc.dll
    2007-08-16 03:13:10 0 d-------- C:\Program\Microsoft Security Adviser
    2007-08-16 03:13:09 11776 --a------ C:\svchost2.exe <Not Verified; ; Project1>
    2007-08-16 03:13:09 11776 --a------ C:\svchost.exe <Not Verified; ; Project1>
    2007-08-16 03:09:15 37376 --a------ C:\WINDOWS\system32\vtr420.dll <Not Verified; ; IEHelper Module>
    2007-08-16 02:41:13 16771 --a------ C:\WINDOWS\system32\KB08029373.exe
    2007-08-16 02:41:00 16771 --a------ C:\WINDOWS\system32\KB68731342.exe
    2007-08-16 02:40:58 13697 --a------ C:\WINDOWS\system32\KB_963491.exe
    2007-07-27 13:10:42 0 d-------- C:\Program\EA Games
    2007-07-21 21:15:20 0 d-------- C:\Program\iPod
    2007-07-21 21:15:15 0 d-------- C:\Program\iTunes
    2007-07-21 21:14:05 0 d-------- C:\Program\QuickTime
    2007-07-21 21:12:50 0 d-------- C:\Program\Delade filer\Apple
    2007-07-21 21:12:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple


    -- Find3M Report ---------------------------------------------------------------

    2007-08-19 22:39:18 8704 --ahs---- C:\Program\Thumbs.db
    2007-08-17 00:44:27 432320 --a------ C:\WINDOWS\system32\perfh01D.dat
    2007-08-17 00:44:27 79216 --a------ C:\WINDOWS\system32\perfc01D.dat
    2007-08-17 00:31:53 0 d-------- C:\Program\MSN Gaming Zone
    2007-08-17 00:27:59 27444 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2007-08-16 02:35:20 0 d-------- C:\Program\SpywareBlaster
    2007-08-04 20:45:30 0 d-------- C:\Documents and Settings\Peter Olsson\Application Data\teamspeak2
    2007-07-30 15:21:40 0 d-------- C:\Program\DivX
    2007-07-27 13:41:34 0 d-------- C:\Program\DC++
    2007-07-27 13:12:02 2188 --a------ C:\WINDOWS\eReg.dat
    2007-07-27 13:10:42 0 d--h----- C:\Program\InstallShield Installation Information
    2007-07-21 21:13:14 0 d-------- C:\Program\Apple Software Update
    2007-07-21 21:12:50 0 d-------- C:\Program\Delade filer
    2007-07-09 21:07:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-07-09 21:05:58 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2007-07-09 21:05:58 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2007-07-09 21:05:54 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2007-07-09 21:05:54 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2007-07-09 21:05:54 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2007-07-09 21:05:54 740442 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2007-07-09 21:05:28 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-07-03 23:46:21 0 d-------- C:\Program\Betsson Poker
    2007-07-03 23:05:59 0 d-------- C:\Program\PKR
    2007-05-28 22:48:45 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
    2007-05-28 22:48:44 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTHelper "= "CTHELPER.EXE" [2005-12-08 12:06 C:\WINDOWS\CTHELPER.EXE]
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "nod32kui "= "C:\Program\Eset\nod32kui.exe" [2007-03-10 01:54]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]
    "nwiz "= "nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
    "REGSHAVE "= "C:\Program\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32]
    "QuickTime Task "= "C:\Program\QuickTime\qttask.exe" [2007-06-29 06:24]
    "iTunesHelper "= "C:\Program\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22]
    "MsmqIntCert "= "regsvr32 /s mqrt.dll" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:34]
    "MtdAcq "= "C:\Program\Creative\Shared Files\Media Sniffer\MtdAcq.exe" [2004-07-02 11:26]
    "SB Wireless Music "= "C:\Program\Creative\SB Wireless Music\Media Server\SBWMsvr.exe" [2004-02-20 02:20]
    "Steam "=" " []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "SetDefaultMIDI "=MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'
    "tscuninstall "=%systemroot%\system32\tscupgrd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableCAD "=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoControlPanel "=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    @=

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoControlPanel "=1 (0x1)
    "NoWindowsUpdate "=1 (0x1)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "




    -- End of Deckard's System Scanner: finished at 2007-08-20 at 23:42:37 ---------



    I don't know about the Message Queuing?
    It seems like all the stuff in programs-accessories are there, but still no control panel showing up :(

    Regards,
    /Wu
     
  9. 2007/08/20
    noahdfear

    Highlight and copy the contents of the quote box below, then paste it into a blank notepad. Close and save to your desktop as:

    Filename: fix.reg
    Save as type: All Files (*.*)

    Now double click the fix.reg file and allow it to merge with the registry.

    Reboot. Your control panel should work again.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC now button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Select the appropriate Yes or No to receiving marketing information
    • Click the Free Online Scan button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report along with a fresh HJT log.
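
The Registry Dump posted earlier in the thread shows `NoControlPanel` set to 1 under two policy keys. The following Python is an added example, not part of the original posts and not the fix.reg mentioned above: it flags restrictive policy values in a dump of that format and, going beyond what the thread shows, also accepts regedit `dword:` export syntax. The policy list is a small chosen subset and all function names are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Standard Windows policy value names that restrict the shell when non-zero.
# A small subset chosen for this example, not a complete list.
RESTRICTIVE_POLICIES = {
    "nocontrolpanel": "Control Panel blocked",
    "nowindowsupdate": "Windows Update access removed",
    "disabletaskmgr": "Task Manager disabled",
    "disableregistrytools": "Registry editing tools disabled",
    "norun": "Run command removed from Start menu",
    "nofolderoptions": "Folder Options removed",
}

# Excerpt copied from the Registry Dump posted in this thread, including the
# stray space before the closing quote that the page shows.
THREAD_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD "=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel "=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel "=1 (0x1)
"NoWindowsUpdate "=1 (0x1)
"""

KEY_RE = re.compile(r"^\s*\[(HKEY_[^\]]+)\]\s*$")
# Scanner style:  "Name"=1 (0x1)
DSS_VALUE_RE = re.compile(r'^\s*"([^"]+)"\s*=\s*(\d+)\s+\(0x[0-9a-fA-F]+\)\s*$')
# regedit export: "Name"=dword:00000001
REG_VALUE_RE = re.compile(r'^\s*"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{8})\s*$', re.I)


class Finding(NamedTuple):
    key: str
    name: str
    value: int
    scope: str
    effect: str


def hive_scope(key: str) -> str:
    """Say who a policy key applies to, based on its root hive."""
    upper = key.upper()
    if upper.startswith("HKEY_LOCAL_MACHINE\\"):
        return "machine-wide"
    if upper.startswith("HKEY_CURRENT_USER\\"):
        return "logged-on user"
    if upper.startswith("HKEY_USERS\\.DEFAULT\\"):
        # HKU\.DEFAULT is the LocalSystem account's profile hive.
        return "LocalSystem profile"
    if upper.startswith("HKEY_USERS\\"):
        return "specific user SID"
    return "unknown"


def parse_dword(line: str) -> Optional[Tuple[str, int]]:
    """Return (value name, integer) for a DWORD line in either format."""
    m = DSS_VALUE_RE.match(line)
    if m:
        return m.group(1).strip(), int(m.group(2))
    m = REG_VALUE_RE.match(line)
    if m:
        return m.group(1).strip(), int(m.group(2), 16)
    return None


def find_policy_restrictions(dump: str) -> List[Finding]:
    """List non-zero restrictive values found under any ...\\Policies\\ key."""
    findings: List[Finding] = []
    current_key: Optional[str] = None
    for line in dump.splitlines():
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        if current_key is None or "\\policies\\" not in current_key.lower():
            continue
        parsed = parse_dword(line)
        if parsed is None:
            continue  # default value (@=), strings, blank lines
        name, value = parsed
        effect = RESTRICTIVE_POLICIES.get(name.lower())
        if effect and value != 0:
            findings.append(
                Finding(current_key, name, value, hive_scope(current_key), effect)
            )
    return findings


if __name__ == "__main__":
    for f in find_policy_restrictions(THREAD_DUMP):
        print(f"{f.scope:20} {f.name}={f.value}  ({f.effect})\n    {f.key}")
```
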
     
  10. 2007/08/21
    DoctorWu

    My control panel is back :)


    Hijackthis log:

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\Program\Eset\nod32kui.exe
    C:\Program\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program\Creative\Shared Files\Media Sniffer\MtdAcq.exe
    C:\Program\Creative\SB Wireless Music\Media Server\SBWMsvr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\mqsvc.exe
    C:\WINDOWS\System32\mqtgsvc.exe
    C:\Program\iPod\bin\iPodService.exe
    C:\Program\Trend Micro\HijackThis\HijackThis.exe

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MtdAcq] C:\Program\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
    O4 - HKCU\..\Run: [SB Wireless Music] C:\Program\Creative\SB Wireless Music\Media Server\SBWMsvr.exe startup
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123585726625
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: ieupdater (Microsoft IE Updater) - Steinberg - (no file)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 5544 bytes



    Activescan log:

    Adware:adware/sbsoft Not disinfected c:\windows\downloaded program files\webdlg32.inf
    Adware:adware/msxmidi Not disinfected c:\windows\msxmidi.exe
    Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32m.sys
    Adware:adware/startpage.ccm Not disinfected c:\windows\win32.bmp
    Adware:adware/mediatickets Not disinfected Windows Registry
    Spyware:Cookie/Myfunstart Not disinfected C:\Documents and Settings\Gäst\Cookies\gäst@www.myfunstart[1].txt
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Peter Olsson\Cookies\peter olsson@com[1].txt
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Peter Olsson\Cookies\peter olsson@ig.com[1].txt
    Hacktool:Exploit/MS06-006 Not disinfected C:\Documents and Settings\Peter Olsson\Lokala inställningar\Temporary Internet Files\Content.IE5\KTCPUJ85\movie[1].qtl
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Peter Olsson\Skrivbord\SmitfraudFix\Process.exe
    Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Peter Olsson\Skrivbord\SmitfraudFix\restart.exe
    Adware:Adware/888Bar Not disinfected C:\Program\Delade filer\{34007929-09FE-1053-0429-03042920002e}\Bar888.dll
    Adware:Adware/Maxifiles Not disinfected C:\Program\Delade filer\{34007929-09FE-1053-0429-03042920002e}\UnInstall.exe
    Virus:Generic Trojan Disinfected C:\Program\Delade filer\{44007929-09FE-1053-0429-03042920002e}\Update.exe
    Virus:Trj/Clicker.ADZ Disinfected C:\Program\Microsoft Security Adviser\mssadv.exe
    Virus:Generic Trojan Disinfected C:\RECYCLER\S-1-5-18\Dc1\Update.exe
    Virus:Generic Trojan Disinfected C:\RECYCLER\S-1-5-18\Dc10\Update.exe
    Virus:Generic Trojan Disinfected C:\RECYCLER\S-1-5-18\Dc11\Update.exe
    Virus:Generic Trojan Disinfected C:\RECYCLER\S-1-5-18\Dc12\Update.exe
    Virus:Generic Trojan Disinfected C:\RECYCLER\S-1-5-18\Dc13\Update.exe
    Virus:Generic Trojan Disinfected C:\RECYCLER\S-1-5-18\Dc14\Update.exe
    Virus:Generic Trojan Disinfected C:\RECYCLER\S-1-5-18\Dc15\Update.exe
    Virus:Generic Trojan Disinfected C:\RECYCLER\S-1-5-18\Dc2\Update.exe
    Virus:Generic Trojan Disinfected C:\RECYCLER\S-1-5-18\Dc3\Update.exe
    Virus:Generic Trojan Disinfected C:\RECYCLER\S-1-5-18\Dc4\Update.exe
    Virus:Generic Trojan Disinfected C:\RECYCLER\S-1-5-18\Dc5\Update.exe
    Virus:Generic Trojan Disinfected C:\RECYCLER\S-1-5-18\Dc6\Update.exe
    Virus:Generic Trojan Disinfected C:\RECYCLER\S-1-5-18\Dc7\Update.exe
    Virus:Generic Trojan Disinfected C:\RECYCLER\S-1-5-18\Dc8\Update.exe
    Virus:Generic Trojan Disinfected C:\RECYCLER\S-1-5-18\Dc9\Update.exe
    Virus:Trj/Clicker.ADZ Disinfected C:\WINDOWS\mssadv.dll
    Virus:Trj/Cook.A Disinfected C:\WINDOWS\sachost.exe
    Virus:W32/Nuwar.DY.worm Disinfected C:\WINDOWS\system32\KB_963491.exe
    Adware:Adware/Secure32 Not disinfected C:\WINDOWS\system32\secure32.txt
    Virus:Trj/Seet.A Disinfected C:\WINDOWS\system32\update18561603.exe
    Virus:Trj/Seet.A Disinfected C:\WINDOWS\system32\update18864771.exe
    Virus:Trj/Seet.A Disinfected C:\WINDOWS\system32\update60978402.exe
    Virus:Trj/Seet.A Disinfected C:\WINDOWS\system32\update62523833.exe
    Virus:Trj/Seet.A Disinfected C:\WINDOWS\system32\update77119758.exe
    Adware:Adware/WinAntiVirus2007 Not disinfected C:\WINDOWS\system32\vtr420.dll



    Regards,
    /Wu
     
  11. 2007/08/21
    noahdfear

    Delete the following files and folder. Let me know if you can't find or delete any of them.

    C:\WINDOWS\Downloaded Program Files\webdlg32.inf
    C:\WINDOWS\msxmidi.exe
    C:\WINDOWS\smdat32m.sys
    C:\WINDOWS\win32.bmp
    C:\Documents and Settings\Peter Olsson\Skrivbord\SmitfraudFix
    C:\Program\Delade filer\{34007929-09FE-1053-0429-03042920002e}
    C:\WINDOWS\system32\secure32.txt
    C:\WINDOWS\system32\vtr420.dll


    Click Start>Run, type or paste the following commands, one at a time then hit enter.

    sc stop ieupdater
    sc delete ieupdater


    Download ATF Cleaner by Atribune and save it to your Desktop.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Reboot.

    Create and post a fresh HijackThis log.
     
  12. 2007/08/22
    DoctorWu

    webdlg32.inf was not there but I've deleted all the other ones.

    I followed all the other steps, and here is the HijackThis log:


    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\Program\Eset\nod32kui.exe
    C:\Program\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program\Creative\Shared Files\Media Sniffer\MtdAcq.exe
    C:\WINDOWS\System32\mqsvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\mqtgsvc.exe
    C:\Program\iPod\bin\iPodService.exe
    C:\Program\Trend Micro\HijackThis\HijackThis.exe

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MtdAcq] C:\Program\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
    O4 - HKCU\..\Run: [SB Wireless Music] C:\Program\Creative\SB Wireless Music\Media Server\SBWMsvr.exe startup
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123585726625
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: ieupdater (Microsoft IE Updater) - Steinberg - (no file)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 5480 bytes


    Regards,
    /Wu
     
  13. 2007/08/22
    noahdfear

    Click Start>Run, type cmd and hit enter. Copy the following commands, one at a time, then paste them into the command window and hit enter after each.

    attrib -r -h -s C:\WINDOWS\Downlo~1\webdlg32.inf
    del C:\WINDOWS\Downlo~1\webdlg32.inf

    You should get prompted 'Are you sure?' after the second command. Yes
    Close the command window.


    Click Start>Run then paste the next two commands one at a time, hitting enter after each.

    sc stop "Microsoft IE Updater"
    sc delete "Microsoft IE Updater"


    Delete the SmitfraudFix files/folder, and the folder C:\Deckard

    If everything is working well, clear your past System Restore points.

    Clear past system restore points and create a new one.
    Right click My Computer and select Properties. On the System Restore tab, check the box to turn System Restore off. Click Apply. Now, uncheck the box and click Apply. Click OK, then OK to close the System Properties dialog.

    Verify a new restore point was created.
    Click Start>All Programs>Accessories>System Tools>System Restore
    Select 'Restore my computer to an earlier time', then click next.
    You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click next.

    Geri has posted some very helpful information and recommendations regarding future protection.

    http://www.windowsbbs.com/showpost.php?p=356653&postcount=49

    That will wrap things up, DoctorWu. Surf safe! :)
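
An added example (not part of the thread or of any poster's reply): parsing the O23 lines of a HijackThis log to find services whose binary is missing and to build the matching `sc` commands. It assumes the O23 layout seen in the log above, with the parenthesised text taken as the service name that `sc` expects; the function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: ieupdater (Microsoft IE Updater) - Steinberg - (no file)
"""

O23_PREFIX = "O23 - Service: "
NAME_RE = re.compile(r"^(?P<display>.*?)(?: \((?P<key>[^()]*)\))?$")

def parse_o23(line):
    """Return dict(display, key, company, path) for an O23 line, else None."""
    line = line.strip()
    if not line.startswith(O23_PREFIX):
        return None
    # Path and company are the last two " - " separated fields; the name
    # part may itself contain " - ", so split from the right.
    parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, company, path = parts
    m = NAME_RE.match(name)
    display = m.group("display")
    # Assumption: the parenthesised text is the service key name that sc.exe
    # expects; when absent, display name and key name are the same.
    key = m.group("key") or display
    return {"display": display, "key": key, "company": company, "path": path}

def orphaned_services(log_text):
    """Services whose binary HijackThis could not find ("(no file)")."""
    entries = (parse_o23(l) for l in log_text.splitlines())
    return [e for e in entries if e and e["path"] == "(no file)"]

def sc_cleanup_commands(key):
    """sc.exe commands for one service; the name is quoted so spaces survive."""
    if '"' in key:
        raise ValueError("unexpected quote in service name: %r" % key)
    return ['sc stop "%s"' % key, 'sc delete "%s"' % key]

if __name__ == "__main__":
    for svc in orphaned_services(SAMPLE_LOG):
        print("%(display)s -> key %(key)r (%(company)s)" % svc)
        print("\n".join(sc_cleanup_commands(svc["key"])))
```

A "(no file)" entry only means the service's binary is gone; confirm the service is unwanted before running the generated commands.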
     
  14. 2007/08/23
    DoctorWu

    Everything is working ok now :)

    Tnx Dave.

    Regards,
    /Wu
     
  15. 2007/08/23
    noahdfear

    Glad to hear it. You're most welcome. :)
     
