[Resolved] Malware accessing 82.98.235.70



#1 m_superberg


Posted 13 April 2008 - 10:08 PM

Hi,

Since yesterday I have this problem that some malware software is trying to access the 82.98.235.70 web but it's always blocked by my antivirus. When this happens, explorer.exe crashes a few minutes later. If I restart explorer.exe, everything seems ok for a few minutes but then again the unauthorised web access and everything repeats. Also, the disc seems to be more active than usual. I checked many posts in different forums but so far didn't find any sensible approach that would help here. I scanned my computer like three times with Trend Micro PC-Cillin but that one finds nothing. Then I also scanned using PREVX CSI and that one found MROFINU.EXE in two directories which I managed to delete and wvUmmMfc.dll in windows/system32 directory which I didn't manage to remove, it says it's being used by another software even in safe mode. I also scanned using Vundofix but that didn't help.
Please help, below is my log from HijackThis.

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:33, on 14/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\lmgrd.exe
C:\Program Files\Tanagra\Memeo\MemeoService.exe
C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\OrCAD\license_manager\lmgrd.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\PrevxCSI\PrevxCSI.exe
C:\Program Files\OrCAD\license_manager\lmgrd.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Agilent\IO Libraries Suite\bin\iprocsvr.exe
C:\Program Files\Agilent\IO Libraries Suite\bin\iproc82357.exe
C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Agilent\IO Libraries Suite\bin\iproc488.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\regedit.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.ap.dell....s...;l=en&s=gen
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B82F29E4-8368-4B14-9C00-5138C0D94034} - C:\WINDOWS\system32\wvUmmMfc.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1535.exe 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BUFFALO NAS Navigator.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: IO Control.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://supportapj.de...iler/SysPro.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: wvUmmMfc - C:\WINDOWS\SYSTEM32\wvUmmMfc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: Ansys license - Macrovision Corporation - C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\lmgrd.exe
O23 - Service: Memeo (BMUService) - Tanagra, Inc. - C:\Program Files\Tanagra\Memeo\MemeoService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cadence License Manager - Macrovision Corporation - C:\Program Files\OrCAD\license_manager\lmgrd.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\\PrevxCSI.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MPICH Daemon © 2001 Argonne National Lab (mpich_mpd) - Unknown owner - c:\program files\ansys inc\MPICH\mpd\bin\mpd.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Edited by m_superberg, 13 April 2008 - 10:38 PM.



#2 Scotty


Posted 14 April 2008 - 05:25 AM

Hi

If you already have Combofix, please delete that copy and download it again as it's being updated regularly.

There is a tutorial on the basic use of Combofix here:
http://www.bleepingc...to-use-combofix


Please download Combofix from Bleeping Computer.

If you can't download it from there, please try these 2 alternative sites:

Forospyware
Geeks to Go

  • Save it to your Desktop.
  • Disconnect from the Internet, then disable your anti-virus and any real-time anti-spyware monitors that are running.
  • Click Start>Run, copy/paste or type "%userprofile%\desktop\combofix.exe" /killall into the Run box and click OK.
  • When finished, it shall produce a log for you. Post that log in your next reply with a new HijackThis log.
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.



In your next reply post:
ComboFix.txt
New HijackThis log taken after the above scan has run


#3 m_superberg


Posted 14 April 2008 - 08:04 AM

Hi,

I think I managed to remove the malware in the meantime by using SUPERAntiSpyware which was suggested on some other forum. I ran that scan and it found 23 threats and it also managed to remove them. Since then, the access to the suspicious web didn't occur and the computer seems to work ok so I guess I got rid of it.
Anyway, I ran Combofix as you suggested and here is the log file and further also the log file from HijackThis.

Thanks a lot



ComboFix 08-04-13.3 - Martin 2008-04-14 22:31:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1490 [GMT 9:00]
Running from: C:\Documents and Settings\Martin\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 )))))))))))))))))))))))))))))))
.

2008-04-14 19:34 . 2008-04-14 19:34 284,672 --a------ C:\WINDOWS\system32\gdi32.dll
2008-04-14 18:10 . 2008-02-12 14:59 1,306,624 --------- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-04-14 18:10 . 2008-02-12 02:48 79,872 --------- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-04-14 18:10 . 2008-02-12 03:19 46,592 --------- C:\WINDOWS\system32\drivers\irbus.sys
2008-04-14 18:10 . 2008-02-12 03:10 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2008-04-14 18:06 . 2008-04-14 18:10 <DIR> d-------- C:\WINDOWS\ServicePackFiles_backup
2008-04-14 18:01 . 2008-04-14 18:01 <DIR> d-------- C:\Program Files\Windows Update Remover
2008-04-14 18:01 . 2007-05-09 01:10 237,552 --a------ C:\WINDOWS\system32\tpuninst.exe
2008-04-14 18:00 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003274_.tmp
2008-04-14 15:04 . 2008-04-14 15:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-14 15:03 . 2008-04-14 15:03 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-14 15:03 . 2008-04-14 15:03 <DIR> d-------- C:\Documents and Settings\Martin\Application Data\SUPERAntiSpyware.com
2008-04-14 11:39 . 2008-04-14 12:05 <DIR> d-------- C:\VundoFix Backups
2008-04-01 17:32 . 2008-04-01 17:32 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-04-01 17:32 . 2008-04-01 17:32 <DIR> d-------- C:\Documents and Settings\Martin\Application Data\SystemRequirementsLab
2008-04-01 16:57 . 2008-04-01 17:04 <DIR> d-------- C:\Program Files\ChrisTV Lite
2008-04-01 12:12 . 2003-11-21 07:00 54,784 -r-hs---- C:\WINDOWS\system32\RLAPEDec.ax
2008-04-01 12:12 . 2004-04-27 07:00 37,888 -r-hs---- C:\WINDOWS\system32\RLMPCDec.ax
2008-04-01 12:12 . 2007-02-21 19:47 31,232 -r-hs---- C:\WINDOWS\system32\msfDX.dll
2008-04-01 12:12 . 2007-12-17 21:43 27,648 ---hs---- C:\WINDOWS\system32\Smab0.dll
2008-04-01 12:11 . 2006-09-12 19:46 227,328 -r-hs---- C:\WINDOWS\system32\ac3DX.ax
2008-04-01 12:11 . 2006-05-03 18:06 163,328 -r-hs---- C:\WINDOWS\system32\flvDX.dll
2008-04-01 12:11 . 2006-01-13 07:23 123,904 -r-hs---- C:\WINDOWS\system32\AVCDX.ax
2008-04-01 12:10 . 2008-04-10 15:30 <DIR> d-------- C:\Program Files\SUPER
2008-03-22 17:22 . 2008-03-22 17:22 4,128 --a------ C:\INFCACHE.1

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 08:58 --------- d-----w C:\Documents and Settings\Martin\Application Data\Skype
2008-04-14 08:10 --------- d-----w C:\Program Files\RegistryBooster 2
2008-04-14 08:10 --------- d-----w C:\Program Files\Java
2008-04-14 08:10 --------- d-----w C:\Program Files\GIMP-2.0
2008-04-14 05:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-14 04:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-14 04:52 --------- d-----w C:\Program Files\Roxio
2008-04-14 04:43 --------- d-----w C:\Program Files\Nikon
2008-04-14 04:43 --------- d-----w C:\Program Files\Common Files\Nikon
2008-04-14 04:42 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdy.DAT
2008-04-14 04:42 --------- d-----w C:\Program Files\Apple Software Update
2008-04-14 03:36 --------- d-----w C:\Program Files\Trend Micro
2008-04-09 03:54 --------- d-----w C:\Program Files\Folding@Home
2008-04-09 02:48 --------- d-----w C:\Documents and Settings\Martin\Application Data\uTorrent
2008-04-09 01:36 --------- d-----w C:\Documents and Settings\Martin\Application Data\AdobeUM
2008-04-08 07:16 --------- d-----w C:\Documents and Settings\Martin\Application Data\SolidWorks
2008-04-06 05:18 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
2008-03-17 19:40 --------- d-----w C:\Documents and Settings\Martin\Application Data\dvdcss
2008-03-08 12:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-05 15:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\System Image Utility
2008-02-28 06:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ultima_T15
2008-02-28 06:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\EnterNHelp
2008-02-28 06:38 --------- d-----w C:\Program Files\Capture NX
2008-02-28 06:34 --------- d-----w C:\Documents and Settings\Martin\Application Data\Nikon
2008-02-12 06:00 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-02-12 05:59 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-02-12 05:59 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-02-12 05:59 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
2008-02-12 05:59 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2008-02-12 05:59 32,866 ------w C:\WINDOWS\slrundll.exe
2008-02-12 05:59 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
2008-02-12 05:59 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-02-12 05:59 10,752 ----a-w C:\WINDOWS\hh.exe
2008-02-12 05:59 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-02-12 05:58 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-02-12 05:58 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-02-12 05:58 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-02-12 05:58 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-02-12 05:58 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-02-12 05:58 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Back Me Up!]
@=

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 02:24 20480]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-12 14:59 15360]
"OE"="C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" [2006-09-26 22:37 315392]
"Uniblue RegistryBooster2"="C:\Program Files\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-21 19:03 7557120]
"nwiz"="nwiz.exe" [2006-03-21 19:03 1519616 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-03-21 19:03 73728 C:\WINDOWS\system32\nvhotkey.dll]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 282624 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-06-29 12:13 1032192]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48 761947]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20:29 49152]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-11-06 17:27 200704]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2006-09-29 21:02 3112960]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 18:04 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 17:58 696320]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 14:12 341488]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-11-05 05:32 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-02-12 14:59 15360]

C:\Documents and Settings\Martin\Start Menu\Programs\Accessories\Startup\
BUFFALO NAS Navigator.lnk - C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe [1/20/2007 12:56:30 PM 585728]
Folding@Home 5.03.lnk - C:\Program Files\Folding@Home\winFAH.exe [3/19/2007 11:54:59 AM 323584]
PowerReg SchedulerV2.exe [12/7/2006 6:13:21 PM 256000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\Zabava\\Desktop\\utorrent.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ANSYS.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ans_admin.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\mpitest.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\mpitestmpich.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\sxpost.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\tclsh.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\wish.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\DANSYS\\ANSYS.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\DANSYSMPICH\\ANSYS.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\TCL\\bin\\Intel\\tclsh.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\TCL\\bin\\Intel\\wish.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\para\\Intel\\ac4para.exe"=
"C:\\Program Files\\Ansys Inc\\Shared Files\\Licensing\\intel\\ansyslmd.exe"=
"C:\\Program Files\\Ansys Inc\\Shared Files\\Licensing\\intel\\lmgrd.exe"=
"C:\\Program Files\\OrCAD\\updates.exe"=
"C:\\Program Files\\OrCAD\\license_manager\\cdslmd.exe"=
"C:\\Program Files\\OrCAD\\license_manager\\CKOUT.exe"=
"C:\\Program Files\\OrCAD\\license_manager\\installs.exe"=
"C:\\Program Files\\OrCAD\\license_manager\\lmCheckExpiration.exe"=
"C:\\Program Files\\OrCAD\\license_manager\\lmgrd.exe"=
"C:\\Program Files\\OrCAD\\license_manager\\lmtools.exe"=
"C:\\Program Files\\OrCAD\\license_manager\\lmutil.exe"=
"C:\\Program Files\\OrCAD\\license_manager\\nettest.exe"=
"C:\\Program Files\\OrCAD\\license_manager\\flexid\\FLEXidCleanupUtility.exe"=
"C:\\Program Files\\OrCAD\\license_manager\\flexid\\FLEXidInstaller.exe"=
"C:\\Program Files\\OrCAD\\license_manager\\flexid\\lmhostid.exe"=
"C:\\Program Files\\OrCAD\\tools\\bin\\cdsdoc.exe"=
"C:\\Program Files\\OrCAD\\tools\\bin\\cdsinfo.exe"=
"C:\\Program Files\\OrCAD\\tools\\bin\\cdsmps.exe"=
"C:\\Program Files\\OrCAD\\tools\\bin\\cdsMsgServer.exe"=
"C:\\Program Files\\OrCAD\\tools\\bin\\cdsNameServer.exe"=
"C:\\Program Files\\OrCAD\\tools\\bin\\cdsOaPathUtil.exe"=
"C:\\Program Files\\OrCAD\\tools\\bin\\cdsRemshClient.exe"=
"C:\\Program Files\\OrCAD\\tools\\bin\\cdsRunHidden.exe"=
"C:\\Program Files\\OrCAD\\tools\\bin\\cdsUnzip.exe"=
"C:\\Program Files\\OrCAD\\tools\\bin\\cdswhich.exe"=
"C:\\Program Files\\OrCAD\\tools\\bin\\cdsZip.exe"=
"C:\\Program Files\\OrCAD\\tools\\bin\\cds_root.exe"=
"C:\\Program Files\\OrCAD\\tools\\bin\\clsAdminTool.exe"=
"C:\\Program Files\\OrCAD\\tools\\bin\\clsbd.exe"=
"C:\\Program Files\\OrCAD\\tools\\bin\\clu.exe"=
"C:\\Program Files\\OrCAD\\tools\\bin\\dregprint.exe"=
"C:\\Program Files\\OrCAD\\tools\\bin\\emsMkError.exe"=
"C:\\Program Files\\OrCAD\\tools\\bin\\mpsinfo.exe"=
"C:\\Program Files\\OrCAD\\tools\\bin\\msgHelp.exe"=
"C:\\Program Files\\OrCAD\\tools\\bin\\nmp.exe"=
"C:\\Program Files\\OrCAD\\tools\\bin\\nmppath.exe"=
"C:\\Program Files\\OrCAD\\tools\\bin\\obServer.exe"=
"C:\\Program Files\\OrCAD\\tools\\bin\\switchversion.exe"=
"C:\\Program Files\\OrCAD\\tools\\bin\\van.exe"=
"C:\\Program Files\\OrCAD\\tools\\bin\\versionviewer.exe"=
"C:\\Program Files\\OrCAD\\tools\\capture\\capture.exe"=
"C:\\Program Files\\OrCAD\\tools\\capture\\comp16.exe"=
"C:\\Program Files\\OrCAD\\tools\\capture\\pcadi.exe"=
"C:\\Program Files\\OrCAD\\tools\\capture\\pspiceexplorersrvr.exe"=
"C:\\Program Files\\OrCAD\\tools\\capture\\pstswp.exe"=
"C:\\Program Files\\OrCAD\\tools\\capture\\regsvr32.exe"=
"C:\\Program Files\\OrCAD\\tools\\capture\\sch2cap.exe"=
"C:\\Program Files\\OrCAD\\tools\\capture\\SETBROWS.EXE"=
"C:\\Program Files\\OrCAD\\tools\\capture\\tutorial\\CAPTUTOR.EXE"=
"C:\\Program Files\\OrCAD\\tools\\cdsdoc\\bin\\cdsdocIndexer.exe"=
"C:\\Program Files\\OrCAD\\tools\\cdsdoc\\bin\\obServer.exe"=
"C:\\Program Files\\OrCAD\\tools\\fet\\bin\\mkdefcfg.exe"=
"C:\\Program Files\\OrCAD\\tools\\fet\\bin\\versiontool.exe"=
"C:\\Program Files\\OrCAD\\tools\\jre\\bin\\java.exe"=
"C:\\Program Files\\OrCAD\\tools\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\OrCAD\\tools\\jre\\bin\\jpicpl32.exe"=
"C:\\Program Files\\OrCAD\\tools\\jre\\bin\\jucheck.exe"=
"C:\\Program Files\\OrCAD\\tools\\jre\\bin\\jusched.exe"=
"C:\\Program Files\\OrCAD\\tools\\jre\\bin\\keytool.exe"=
"C:\\Program Files\\OrCAD\\tools\\jre\\bin\\kinit.exe"=
"C:\\Program Files\\OrCAD\\tools\\jre\\bin\\klist.exe"=
"C:\\Program Files\\OrCAD\\tools\\jre\\bin\\ktab.exe"=
"C:\\Program Files\\OrCAD\\tools\\jre\\bin\\orbd.exe"=
"C:\\Program Files\\OrCAD\\tools\\jre\\bin\\policytool.exe"=
"C:\\Program Files\\OrCAD\\tools\\jre\\bin\\rmid.exe"=
"C:\\Program Files\\OrCAD\\tools\\jre\\bin\\rmiregistry.exe"=
"C:\\Program Files\\OrCAD\\tools\\jre\\bin\\servertool.exe"=
"C:\\Program Files\\OrCAD\\tools\\jre\\bin\\tnameserv.exe"=
"C:\\Program Files\\OrCAD\\tools\\jre\\javaws\\javaws.exe"=
"C:\\Program Files\\OrCAD\\tools\\pspice\\appmgr.exe"=
"C:\\Program Files\\OrCAD\\tools\\pspice\\IndiceFileGeneration.exe"=
"C:\\Program Files\\OrCAD\\tools\\pspice\\lxcwin.exe"=
"C:\\Program Files\\OrCAD\\tools\\pspice\\Magneticdesigner.exe"=
"C:\\Program Files\\OrCAD\\tools\\pspice\\modeled.exe"=
"C:\\Program Files\\OrCAD\\tools\\pspice\\MrkSrvr.exe"=
"C:\\Program Files\\OrCAD\\tools\\pspice\\msgview.exe"=
"C:\\Program Files\\OrCAD\\tools\\pspice\\PDesign.exe"=
"C:\\Program Files\\OrCAD\\tools\\pspice\\psched.exe"=
"C:\\Program Files\\OrCAD\\tools\\pspice\\pspice.exe"=
"C:\\Program Files\\OrCAD\\tools\\pspice\\PSpiceEnc.exe"=
"C:\\Program Files\\OrCAD\\tools\\pspice\\pspiceexplorersrvr.exe"=
"C:\\Program Files\\OrCAD\\tools\\pspice\\psp_cmd.exe"=
"C:\\Program Files\\OrCAD\\tools\\pspice\\regsvr32.exe"=
"C:\\Program Files\\OrCAD\\tools\\pspice\\simmgr.exe"=
"C:\\Program Files\\OrCAD\\tools\\pspice\\simsrvr.exe"=
"C:\\Program Files\\OrCAD\\tools\\pspice\\stmed.exe"=
"C:\\Program Files\\OrCAD\\tools\\verity\\bin\\cdsdocIndexer.exe"=
"C:\\Program Files\\OrCAD\\tools\\verity\\_nti40\\bin\\merge.exe"=
"C:\\Program Files\\OrCAD\\tools\\verity\\_nti40\\bin\\mkvdk.exe"=
"C:\\Program Files\\OrCAD\\tools\\verity\\_nti40\\bin\\search.exe"=
"C:\\Program Files\\OrCAD\\tools\\verity\\_nti40\\bin\\setup.exe"=
"C:\\Program Files\\OrCAD\\tools\\verity\\_nti40\\bin\\v_uninst.exe"=
"C:\\Program Files\\OrCAD\\tools\\verity\\_nti40\\filters\\callback.exe"=
"C:\\Program Files\\OrCAD\\tools\\verity\\_nti40\\filters\\filter.exe"=
"C:\\Program Files\\OrCAD\\tools\\verity\\_nti40\\filters\\htmlini.exe"=
"C:\\Program Files\\OrCAD\\tools\\verity\\_nti40\\filters\\htmserv.exe"=
"C:\\Program Files\\OrCAD\\tools\\verity\\_nti40\\filters\\index.exe"=
"C:\\Program Files\\OrCAD\\tools\\verity\\_nti40\\filters\\jstree.exe"=
"C:\\Program Files\\OrCAD\\tools\\verity\\_nti40\\filters\\jvtree.exe"=
"C:\\Program Files\\OrCAD\\tools\\verity\\_nti40\\filters\\kvoop.exe"=
"C:\\Program Files\\OrCAD\\tools\\verity\\_nti40\\filters\\regsvr32.exe"=
"C:\\Program Files\\OrCAD\\tools\\verity\\_nti40\\filters\\summary.exe"=
"C:\\Program Files\\OrCAD\\tools\\verity\\_nti40\\filters\\viewers\\amovie.exe"=
"C:\\Program Files\\sdc203(2)\\StrongDC.exe"=
"C:\\Documents and Settings\\Zabava\\Desktop\\Install\\Buffalo Linkstation\\ls-gl110_051\\LSUpdater.exe"=
"C:\\Program Files\\Altera Quartus II 6.1\\quartus\\bin\\quartus.exe"=
"C:\\Program Files\\Altera Quartus II 6.1\\quartus\\bin\\jtagserver.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Documents and Settings\\Martin\\Desktop\\sdc212\\StrongDC.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\BUFFALO\\NASNAVI\\NasNavi.exe"=

R2 Ansys license;Ansys license;C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\lmgrd.exe [2003-07-08 16:20]
R2 Cadence License Manager;Cadence License Manager;C:\Program Files\OrCAD\license_manager\lmgrd.exe [2006-03-24 17:34]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 13:56]
S2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe [2003-07-08 16:20]
S2 mpich_mpd;MPICH Daemon © 2001 Argonne National Lab;c:\program files\ansys inc\MPICH\mpd\bin\mpd.exe []
S3 agBootB;Agilent Technologies 82357B firmware download service;C:\WINDOWS\system32\DRIVERS\agt82357.sys [2007-04-05 19:16]
S3 AlteraUSBBlaster;Altera USB-Blaster Device Driver;C:\WINDOWS\system32\drivers\ftdibus.sys [2006-05-18 08:48]
S3 AVCSTRM;AVC Streaming Filter Driver;C:\WINDOWS\system32\DRIVERS\avcstrm.sys [2008-02-12 03:20]
S3 MSTAPE;Microsoft AV/C Tape Subunit Device;C:\WINDOWS\system32\DRIVERS\mstape.sys [2008-02-12 03:20]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1387ea69-dcd9-11db-8f00-0015c55b3298}]
\Shell\AutoRun\command - G:\MobileLaunch.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-06 03:19:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-08-20 03:19:07 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 22:36:52
Windows 5.1.2600 Service Pack 3, v.3311 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Tanagra\Memeo\MemeoService.exe
C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-14 22:44:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-14 13:44:33

Pre-Run: 4,242,186,240 bytes free
Post-Run: 4,224,176,128 bytes free
.
2008-04-12 04:54:02 --- E O F ---




HIJACKTHIS:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:01, on 2008-04-14
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\lmgrd.exe
C:\Program Files\Tanagra\Memeo\MemeoService.exe
C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\OrCAD\license_manager\lmgrd.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\OrCAD\license_manager\lmgrd.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.ap.dell....s...;l=en&s=gen
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BUFFALO NAS Navigator.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://supportapj.de...iler/SysPro.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: Ansys license - Macrovision Corporation - C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\lmgrd.exe
O23 - Service: Memeo (BMUService) - Tanagra, Inc. - C:\Program Files\Tanagra\Memeo\MemeoService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cadence License Manager - Macrovision Corporation - C:\Program Files\OrCAD\license_manager\lmgrd.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MPICH Daemon © 2001 Argonne National Lab (mpich_mpd) - Unknown owner - c:\program files\ansys inc\MPICH\mpd\bin\mpd.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11369 bytes

#4 Scotty

Posted 14 April 2008 - 08:17 AM

Yep, you got it.

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u, it needs to be there.


You too could train to help others- Join the Classroom

#5 m_superberg

Posted 14 April 2008 - 08:49 AM

Thanks a lot, I'm happy I got rid of it. :woot: :thumbup:

#6 Scotty

Posted 14 April 2008 - 09:01 AM

Just make sure, run this quickly

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Post that log back here.

#7 m_superberg

Posted 14 April 2008 - 05:59 PM

Ok, I ran the full scan by Malwarebytes and it found 0 threats ;) so I guess I'm clean, here is the log file. Thanks again

Malwarebytes' Anti-Malware 1.11
Database version: 629

Scan type: Full Scan (C:\|)
Objects scanned: 250999
Time elapsed: 1 hour(s), 32 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 Scotty

Posted 15 April 2008 - 01:42 AM

Hi

Good job. Wish they were all this easy. :popcorn:

Congratulations, you appear to be malware free.

First we need to flush your System Restore points after ridding yourself of malware:

  • Click Start | Help and Support | Undo changes to your computer with System Restore.
  • Click Create A Restore Point then click Next. Give it a name and then click Create, then Close.
  • Close the Help and Support Center box.
  • Click Start | Run and type Cleanmgr
  • Select (C: ) then click OK.
  • Click the More Options tab.
  • Click Clean Up in the System Restore Section.

This will remove all previous restore points except the newly created one.


Malwarebytes Anti-Malware is a good program to keep. If you wish to keep it, use it to do a quick scan once a week and keep it updated.
Remember, only the paid for version offers real-time protection

Here is another free program I recommend.

Install WinPatrol
Download it from here
You can find information about how WinPatrol works here


Make sure your Windows is ALWAYS up to date!

An unpatched Windows is vulnerable and even with the "best" Antivirus and Firewall installed, malware will find its way through.
So visit http://windowsupdate.microsoft.com/ to download and install the latest updates.


Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?"

Here is some great information from experts in this field that will help you stay clean and safe online.
http://forum.malware...wtopic.php?t=14

Follow this list and your potential for being infected again will reduce dramatically.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

#9 m_superberg

Posted 15 April 2008 - 02:21 AM

Hei Thanks, Yesterday when I read some threads I thought :wall: :pullhair: , I was lost and I thought the only option was to reinstall the system completely. But then, thanks also to your help it was not so difficult, but it took the whole day. Well anyway, I guess I was also a bit lucky. :banana: Thanks again :notworthy:

#10 Scotty

Posted 15 April 2008 - 03:05 AM

You got lucky I think. SAS isn't normally so effective against that infection. You must have got it early, before it had a chance to take root.

#11 Scotty

Posted 15 April 2008 - 06:14 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.