Win32:Wali [Cryp]



#1 013

Posted 27 November 2009 - 03:02 PM

Greetings from Finland, we're freezing here!

I've read the rules but am still not quite sure if this post is in the right place. If not, I apologize.

I'm not sure because the problem is not present just now, but let me explain.

This morning Avast found Win32:Wali [Cryp]. Quarantine, repair or delete wouldn't work. My browser (Opera, sandboxed) got hijacked, too: Google searched ok, but clicking on any search results directed to some network poker advertisement page (that was in Finnish, which was peculiar since there are only about 5M people who even speak Finnish so we are not often given a courtesy of being specially targeted by malware). I didn't write down the URL, as at that time I didn't know it was important.

Firefox worked and I was able to google a little further with the virus's name. This thread (http://www.spywarein...howtopic=126469) was on the top results so I read it and decided to follow the same procedure. Please note that at that time I hadn't read the FAQ, because I had no intention of posting here myself, hence I wasn't aware that these were specific instructions for someone else and not general advice. Therefore I am not sure if I have done some permanent damage to my system or am I a very, very lucky person and that's why I'm asking for help to figure that out.

Anyway, I ran JavaRa, CCleaner and then ComboFix and now everything seems to be ok, or have been for about five hours or so (no Avast alert). Since I don't know if the HJT or anti-malware logs are relevant anymore (because I already ran ComboFix), I don't post them unless instructed so. I'm including the ComboFix log instead in hope that it would somehow be easier to jump straight there.

EDIT: I just realized that ComboFix installed in Finnish, so the logfile's comments are also in Finnish. Sorry for that. If needed, I can try to translate them, but I don't mess with the log unless asked to do so.
EDIT2: No wonder that Avast hasn't alerted. It was turned off prior to running ComboFix. Now when I try to start it, it says that it can't load the skin and refuses to start. I will send this anyway (must be some kind of a record: two EDITs before the post is even posted in the first place) and then reboot to see if it helps.

Thank you in advance, you are really doing a great job here.

Log begins after the line:
------------------------------------------

ComboFix 09-11-26.02 - Scorpio 27.11.2009 12:11.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.358.1033.18.1024.416 [GMT 2:00]
Sijainti: c:\users\Scorpio\Desktop\ComboFix.exe
* Uusi palautuspiste luotu
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-5541498775-9675941631-285124512-5740
c:\windows\system32\mscert.dll
c:\windows\system32\rdolib.dll

----- BITS: Mahdollisesti saastuneet sivut -----

hxxp://www.search-up.com
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-10-27 to 2009-11-27 )))))))))))))))))
.

2009-11-27 10:36 . 2009-11-27 10:36 -------- d-----w- c:\users\Scorpio\AppData\Local\temp
2009-11-27 10:36 . 2009-11-27 10:36 -------- d-----w- c:\users\Mira\AppData\Local\temp
2009-11-27 10:36 . 2009-11-27 10:36 -------- d-----w- c:\users\Games\AppData\Local\temp
2009-11-27 10:36 . 2009-11-27 10:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-27 10:36 . 2009-11-27 10:36 -------- d-----w- c:\users\Annica\AppData\Local\temp
2009-11-27 09:45 . 2009-11-27 09:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-27 09:45 . 2009-11-27 09:45 -------- d-----w- c:\program files\Java
2009-11-27 09:16 . 2009-11-27 09:16 -------- d-----w- c:\users\Scorpio\AppData\Roaming\Malwarebytes
2009-11-27 09:16 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-27 09:16 . 2009-11-27 09:16 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-27 09:16 . 2009-11-27 09:16 -------- d-----w- c:\programdata\Malwarebytes
2009-11-27 09:16 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-26 21:49 . 2009-11-26 21:49 -------- d-----w- c:\programdata\Hewlett-Packard
2009-11-26 21:48 . 2009-02-25 17:57 18944 ----a-w- c:\windows\system32\hppmopjl.dll
2009-11-26 21:48 . 2009-02-25 15:32 64024 ----a-w- c:\windows\system32\hppccompio.dll
2009-11-26 21:48 . 2009-09-01 22:03 233472 ----a-w- c:\windows\system32\hpmtp091.dll
2009-11-26 21:48 . 2009-09-01 22:03 299008 ----a-w- c:\windows\system32\hpmml091.DLL
2009-11-26 21:48 . 2009-09-01 22:03 249856 ----a-w- c:\windows\system32\hpmpm081.DLL
2009-11-26 21:48 . 2009-09-01 22:03 208896 ----a-w- c:\windows\system32\hpmpw081.DLL
2009-11-26 21:48 . 2009-09-01 22:03 225280 ----a-w- c:\windows\system32\hpmja091.DLL
2009-11-26 21:48 . 2009-09-01 22:19 161280 ----a-w- c:\windows\system32\hpcpn091.dll
2009-11-26 21:48 . 2009-02-25 15:32 59928 ----a-w- c:\windows\system32\fxcompchannel.dll
2009-11-26 21:48 . 2009-08-04 13:48 49250 ----a-w- c:\windows\system32\HPMNNDPS.DLL
2009-11-26 21:48 . 2009-08-04 13:48 49252 ----a-w- c:\windows\system32\HPMNQUE.DLL
2009-11-26 21:38 . 2009-11-26 21:38 16384 d-----w- C:\HP Universal Print Driver PCL5 v5.0.1
2009-11-25 13:56 . 2009-10-29 07:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-21 15:29 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-11-21 15:29 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-11-21 15:29 . 2008-03-05 13:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2009-11-21 15:29 . 2008-02-05 21:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2009-11-21 15:29 . 2008-03-05 13:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2009-11-21 15:29 . 2007-04-04 16:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-11-20 22:58 . 2009-11-20 22:58 -------- d-----w- c:\programdata\F-Secure
2009-11-20 22:26 . 2009-11-20 22:26 47616 ----a-w- c:\windows\wupd.dll
2009-11-20 22:21 . 2009-11-20 22:21 -------- d-----w- c:\users\Annica\AppData\Roaming\uTorrent
2009-11-18 14:16 . 2009-11-18 14:21 -------- d-----w- c:\users\Scorpio\AppData\Roaming\Spotify
2009-11-18 14:16 . 2009-11-18 14:17 -------- d-----w- c:\users\Scorpio\AppData\Local\Spotify
2009-11-18 14:16 . 2009-11-18 14:16 -------- d-----w- c:\program files\Spotify
2009-11-18 14:09 . 2009-11-18 14:09 79367 ----a-w- c:\users\Scorpio\AppData\Roaming\Google\Google Talk\uninstall.exe
2009-11-17 12:47 . 2009-09-22 14:29 81408 ----a-w- c:\windows\system32\devcon_x64.exe
2009-11-17 12:47 . 2009-09-22 14:29 55808 ----a-w- c:\windows\system32\devcon.exe
2009-11-17 12:47 . 2009-11-17 13:03 4096 d-----w- c:\program files\Driver Checker
2009-11-15 11:08 . 2009-11-15 11:08 -------- d-----w- c:\users\Mira\AppData\Local\Diagnostics
2009-11-12 11:39 . 2009-11-12 11:39 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-07 08:45 . 2009-11-07 08:45 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-11-07 08:39 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-11-07 07:56 . 2009-11-07 07:56 -------- d-----w- c:\users\Annica\AppData\Local\Opera
2009-11-06 08:59 . 2009-11-06 08:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 08:59 . 2009-11-06 08:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-05 15:09 . 2009-11-05 15:09 -------- d-----w- c:\program files\iPod
2009-11-05 15:05 . 2009-11-05 15:05 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-02 16:05 . 2009-11-02 16:05 167064 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-02 16:05 . 2009-11-02 16:05 71832 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-10-30 21:13 . 2009-10-30 21:13 -------- d-----w- c:\program files\GetData
2009-10-29 11:05 . 2009-10-30 18:56 4096 d-----w- c:\program files\DIY DataRecovery iRecover

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-27 10:14 . 2009-09-30 15:27 78882 ----a-w- c:\windows\system32\perfc00B.dat
2009-11-27 10:14 . 2009-09-30 15:27 433166 ----a-w- c:\windows\system32\perfh00B.dat
2009-11-27 09:58 . 2009-11-27 09:58 191837 ----a-w- C:\fiwtn.exe
2009-11-27 09:58 . 2009-11-27 09:58 114176 ----a-w- C:\cpyn.exe
2009-11-27 09:58 . 2009-11-27 09:58 86016 ----a-w- C:\bkolysc.exe
2009-11-27 09:58 . 2009-11-27 09:58 205824 ----a-w- C:\fwurmwio.exe
2009-11-26 21:12 . 2009-09-30 11:44 12288 d-----w- c:\users\Scorpio\AppData\Roaming\uTorrent
2009-11-23 16:03 . 2009-10-01 16:32 4096 d-----w- c:\users\Scorpio\AppData\Roaming\Apple Computer
2009-11-17 13:24 . 2009-09-30 17:08 12288 d-----w- c:\programdata\Microsoft Help
2009-11-15 12:03 . 2009-09-29 11:30 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2009-11-15 12:03 . 2009-09-29 11:30 460592 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-11-07 08:52 . 2009-09-30 15:38 4096 d-----w- c:\program files\Windows Live
2009-11-07 08:05 . 2009-10-02 08:02 110440 ----a-w- c:\users\Games\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-05 15:09 . 2009-10-01 16:19 -------- d-----w- c:\program files\Common Files\Apple
2009-11-05 15:09 . 2009-10-01 16:22 -------- d-----w- c:\programdata\Apple Computer
2009-11-02 18:50 . 2009-11-02 18:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf
2009-11-02 18:49 . 2009-10-01 16:19 -------- d-----w- c:\programdata\Apple
2009-11-02 18:42 . 2009-10-03 01:31 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 13:44 . 2009-09-29 16:00 8192 d-----w- c:\program files\DivX
2009-11-01 13:44 . 2009-09-29 16:00 4096 d-----w- c:\program files\Common Files\DivX Shared
2009-10-29 11:05 . 2008-12-10 04:33 4096 d-----w- c:\program files\Opera
2009-10-27 14:35 . 2009-10-27 14:35 -------- d-----w- c:\program files\ATI
2009-10-27 14:34 . 2009-10-27 14:34 -------- d-----w- c:\program files\ATI Technologies
2009-10-27 14:22 . 2009-10-27 14:22 -------- d-----w- c:\users\Scorpio\AppData\Roaming\atitray
2009-10-25 10:02 . 2009-10-25 09:57 4096 d-----w- c:\program files\Ext2Fsd
2009-10-25 09:04 . 2009-10-24 18:23 -------- d-----w- c:\users\Scorpio\AppData\Roaming\JAM Software
2009-10-25 09:03 . 2009-10-24 18:23 -------- d-----w- c:\program files\JAM Software
2009-10-23 06:34 . 2009-10-23 06:34 110440 ----a-w- c:\users\Mira\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-23 06:34 . 2009-10-23 06:34 -------- d-----w- c:\users\Mira\AppData\Roaming\ATI
2009-10-22 20:03 . 2009-10-22 20:03 -------- d-----w- c:\program files\EASEUS
2009-10-22 20:03 . 2009-09-28 20:58 8192 d--h--w- c:\program files\InstallShield Installation Information
2009-10-22 19:03 . 2009-10-22 19:03 -------- d-----w- c:\program files\Recuva
2009-10-22 19:00 . 2009-10-22 19:00 -------- d-----w- c:\program files\Western Digital Corporation
2009-10-18 10:27 . 2009-10-18 10:27 -------- d-----w- c:\users\Scorpio\AppData\Roaming\Media Organizing Systems, Inc
2009-10-18 10:25 . 2009-10-10 08:24 -------- d-----w- c:\users\Scorpio\AppData\Roaming\Remove Duplicate Files Automatically
2009-10-17 05:26 . 2009-10-17 05:26 16896 ----a-w- c:\windows\system32\drivers\dc3d.sys
2009-10-15 16:56 . 2009-10-15 16:56 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2009-10-10 16:56 . 2009-10-10 16:56 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-10-09 16:14 . 2009-10-09 16:14 34308 ----a-w- c:\programdata\mazuki.dll
2009-10-09 16:14 . 2009-10-09 16:14 34308 ----a-w- c:\programdata\mazuki.dll
2009-10-09 12:01 . 2009-10-09 12:01 -------- d-----w- c:\users\Scorpio\AppData\Roaming\tidysongs15.27F6A35B76E5883BF9E6FEE514586561E60595CA.1
2009-10-09 11:57 . 2009-10-09 11:57 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-09 11:57 . 2009-10-23 06:33 38208 ----a-w- c:\users\Mira\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-09 11:57 . 2009-10-22 08:05 38208 ----a-w- c:\users\Annica\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-09 11:57 . 2009-10-09 11:57 38208 ----a-w- c:\users\Scorpio\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-09 11:57 . 2009-10-09 11:57 38208 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-09 08:01 . 2008-12-10 05:55 110440 ----a-w- c:\users\Scorpio\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-09 05:57 . 2009-10-09 05:57 460592 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2009-10-05 06:52 . 2009-10-05 06:51 4096 d-----w- c:\program files\TVersity Codec Pack
2009-10-03 07:51 . 2009-10-03 07:51 -------- d-----w- c:\program files\Creative
2009-10-02 18:50 . 2009-09-30 17:20 4096 d-----w- c:\program files\Microsoft Works
2009-10-02 18:36 . 2009-10-02 18:36 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-10-02 14:09 . 2009-10-02 14:09 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-10-02 13:33 . 2009-10-02 13:33 -------- d--h--r- c:\users\Scorpio\AppData\Roaming\SecuROM
2009-10-02 13:33 . 2009-10-02 13:33 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-10-02 09:57 . 2009-10-02 09:57 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-02 09:54 . 2009-10-02 09:54 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-10-02 09:53 . 2009-09-30 15:39 -------- d-----w- c:\program files\Microsoft
2009-10-02 08:01 . 2009-10-02 08:01 -------- d-----w- c:\users\Games\AppData\Roaming\ATI
2009-10-02 07:07 . 2009-10-02 07:07 -------- d-----w- c:\program files\NeoSmart Technologies
2009-10-02 06:51 . 2009-10-02 06:51 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-02 06:51 . 2009-10-02 06:51 -------- d-----w- c:\users\Scorpio\AppData\Roaming\DAEMON Tools Lite
2009-10-02 04:06 . 2009-10-18 07:49 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-10-01 16:33 . 2009-10-01 16:33 4096 d-----w- c:\program files\Common Files\PX Storage Engine
2009-10-01 16:32 . 2009-10-01 16:32 -------- d-----w- c:\program files\Google
2009-10-01 16:31 . 2009-10-01 16:30 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-01 16:24 . 2009-10-01 16:24 -------- d-----w- c:\program files\Bonjour
2009-10-01 16:23 . 2009-10-01 16:22 4096 d-----w- c:\program files\QuickTime
2009-10-01 16:20 . 2009-10-01 16:20 4096 d-----w- c:\program files\Apple Software Update
2009-09-30 18:33 . 2009-09-30 14:26 5098496 ----a-w- C:\unetbtin.exe
2009-09-30 17:35 . 2009-09-30 17:35 4096 d-----w- c:\program files\XnView
2009-09-30 17:19 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2009-09-30 17:15 . 2009-09-30 17:15 -------- d-----w- c:\program files\Microsoft.NET
2009-09-30 17:10 . 2009-09-30 17:10 4096 d-----w- c:\program files\Microsoft Visual Studio 8
2009-09-30 16:56 . 2009-09-30 16:56 4096 d-----w- c:\program files\RocketDock
2009-09-30 16:08 . 2008-12-10 04:23 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-30 15:40 . 2009-09-30 15:40 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-30 15:39 . 2009-09-30 15:39 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-30 15:33 . 2009-09-30 15:33 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-30 15:30 . 2009-09-30 15:30 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-30 15:26 . 2009-07-14 04:52 4096 d-----w- c:\program files\Windows Sidebar
2009-09-30 15:26 . 2009-07-14 02:37 4096 d-----w- c:\program files\Windows Mail
2009-09-30 15:26 . 2009-07-14 07:50 4096 d-----w- c:\program files\Windows Journal
2009-09-30 15:26 . 2009-07-14 04:52 4096 d-----w- c:\program files\DVD Maker
2009-09-30 15:26 . 2009-07-14 04:52 4096 d-----w- c:\program files\Windows Photo Viewer
2009-09-30 15:26 . 2009-07-14 04:52 4096 d-----w- c:\program files\Windows Defender
2009-09-30 15:26 . 2009-09-30 15:27 279790 ----a-w- c:\windows\system32\perfi00B.dat
2009-09-30 15:26 . 2009-09-30 15:27 38258 ----a-w- c:\windows\system32\perfd00B.dat
2009-09-30 15:26 . 2009-09-30 15:26 38258 ----a-w- c:\windows\inf\PERFLIB\040B\perfd.dat
2009-09-30 15:26 . 2009-09-30 15:26 38258 ----a-w- c:\windows\inf\PERFLIB\040B\perfc.dat
2009-09-30 15:26 . 2009-09-30 15:26 279790 ----a-w- c:\windows\inf\PERFLIB\040B\perfi.dat
2009-09-30 15:26 . 2009-09-30 15:26 279790 ----a-w- c:\windows\inf\PERFLIB\040B\perfh.dat
2009-09-30 07:33 . 2009-09-30 07:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-09-29 16:13 . 2009-09-29 16:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-09-29 16:06 . 2009-09-29 16:01 -------- d-----w- c:\users\Scorpio\AppData\Roaming\DivX
2009-09-29 11:30 . 2009-09-29 11:30 4096 d-----w- c:\program files\PlayReady
2009-09-29 11:27 . 2009-09-29 11:27 4096 d-----w- c:\program files\Win7codecs
2009-09-29 11:27 . 2009-09-29 11:27 -------- d-----w- c:\users\Scorpio\AppData\Roaming\Win7codecs
2009-09-29 11:27 . 2009-09-29 11:26 -------- d-----w- c:\programdata\Win7codecs
2009-09-28 21:02 . 2009-09-28 21:02 -------- d-----w- c:\programdata\CNO
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SandboxieControl"="f:\program files\Sandboxie\SbieCtrl.exe" [2009-09-30 387584]
"uTorrent"="f:\program files\uTorrent.exe" [2009-09-30 289072]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"AtiTrayTools"="f:\program files\Ray Adams\ATI Tray Tools\atitray.exe" [2008-09-17 585728]
"googletalk"="c:\users\Scorpio\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-09-15 81000]
"anysee_TR"="c:\program files\anysee\anysee-E30Series\anysee_TR.exe" [2009-03-16 1417216]
"anysee CNO(Media Center PlugIn)"="c:\program files\anysee\Driver\CNO.EXE" [2009-03-30 1028096]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-27 149280]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2009-04-14 604704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R1 AMTBDA_P861F;anysee Capture Service;c:\windows\System32\drivers\anyseeTU.SYS [30.3.2009 10:50 496256]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [10.12.2008 6:37 114768]
R1 atitray;atitray;f:\program files\Ray Adams\ATI Tray Tools\atitray.sys [8.9.2008 19:32 18336]
R1 Ext2fs;Ext2fs;c:\windows\System32\drivers\ext2fs.sys [18.10.2009 13:22 181120]
R1 Ext2Fsd;Linux ext2 file system driver;c:\windows\System32\drivers\ext2fsd.sys [25.10.2009 11:57 659592]
R1 IfsMount;IfsMount;c:\windows\System32\drivers\ifsmount.sys [18.10.2009 13:22 51072]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [30.7.2009 7:40 172032]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [10.12.2008 6:37 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [10.12.2008 6:37 53328]
R2 fssfltr;fssfltr;c:\windows\System32\drivers\fssfltr.sys [30.9.2009 17:41 54632]
R2 fsssvc;Windows Live -perheturvapalvelu;c:\program files\Windows Live\Family Safety\fsssvc.exe [5.8.2009 21:48 704864]
R2 NfsClnt;NFS-asiakas;c:\windows\System32\nfsclnt.exe [14.7.2009 1:14 52736]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30.3.2009 14:28 1533808]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\System32\drivers\dc3d.sys [17.10.2009 7:26 16896]
R3 NfsRdr;NFS-uudelleenohjauksen asiakas;c:\windows\System32\drivers\nfsrdr.sys [14.7.2009 1:14 201216]
R3 PAC207;SoC PC-Camera;c:\windows\System32\drivers\PFC027.SYS [5.12.2006 10:34 507136]
R3 PsxDrv;PsxDrv;c:\windows\System32\drivers\psxdrv.sys [14.7.2009 1:23 9216]
R3 RpcXdr;NFS-palvelimen ONCRPC;c:\windows\System32\drivers\rpcxdr.sys [14.7.2009 1:14 86528]
R3 SbieDrv;SbieDrv;f:\program files\Sandboxie\SbieDrv.sys [30.9.2009 11:15 116736]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [2.10.2009 8:51 721904]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\System32\drivers\netaapl.sys [28.8.2009 18:42 17408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LPDService REG_MULTI_SZ LPDSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
'Ajoitetut tehtävät'-kansion sisältö

2009-11-27 c:\windows\Tasks\WindowsUpdate.job
- c:\windows\wupd.dll [2009-11-20 22:26]
.
.
------- Täydentävä tarkistus -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Scorpio\AppData\Roaming\Mozilla\Firefox\Profiles\1mhmt63b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fi/ig?tab=mw&hl=fi&source=iglk
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Win7codecs\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: f:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: f:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: f:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- FIREFOXIN KÄYTÄNNÖT ----
user_pref('capability.policy.policynames', 'localfilelinks');user_pref('capability.policy.localfilelinks.sites', 'hxxp://www.webmynd.com http://www.google.com');user_pref('capability.policy.localfilelinks.checkloaduri.enabled', 'allAccess');f:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - POISTETUT JÄMÄRIVIT - - - -

HKCU-Run-Remove Duplicate Files Automatically - (no file)
AddRemove-WinHex - c:\program files\WinHex\WinHex.exe uninst


.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Valmistumisajankohta: 2009-11-27 12:43
ComboFix-quarantined-files.txt 2009-11-27 10:43

Ennen ajoa: 125 850 451 968 tavua vapaana
Ajon jälkeen: 125 603 737 600 tavua vapaana

- - End Of File - - A669BB7AA4504B055D07763C9E84E995

The ComboFix should not be executed unless requested by a qualified helper.

As an additional information please follow the following directives.

Hi,

Help us help you.

Please read this article and follow the protocol.
http://spywareinfofo...showtopic=23382
Then submit a fresh HijackThis log. One of our helpers will take care of you. It's the only way we can give you sound advice.

=*=

#2 013

Posted 28 November 2009 - 11:40 AM

Hi,

I understand now that running ComboFix the way I did was not a good idea - it seems to be about as smart as diving headfirst into muddy water. :)

So let's do this right, here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:54, on 28.11.2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\anysee\anysee-E30Series\anysee_TR.exe
C:\Program Files\anysee\Driver\CNO.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
F:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\SearchFilterHost.exe
C:\HJT\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30Series\anysee_TR.exe
O4 - HKLM\..\Run: [anysee CNO(Media Center PlugIn)] C:\Program Files\anysee\Driver\CNO.EXE
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SandboxieControl] "F:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [uTorrent] "F:\Program Files\uTorrent.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [AtiTrayTools] "F:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [googletalk] C:\Users\Scorpio\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKUS\S-1-5-21-2815692588-2460191661-559364892-1013\..\Run: [SandboxieControl] "F:\Program Files\Sandboxie\SbieCtrl.exe" (User 'Samu')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/o...utodetectNT.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1228889225611
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - F:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - F:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 7166 bytes

#3 SWI Support Robot

Posted 30 November 2009 - 03:04 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#4 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,091 posts

Posted 30 November 2009 - 11:01 AM

Looking good.
Clean these items.

Open notepad and copy/paste the text in the quote box below into it:

File::
C:\fiwtn.exe
C:\cpyn.exe
C:\bkolysc.exe
C:\fwurmwio.exe

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]


Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log with a fresh copy of HijackThis.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#5 013

Posted 01 December 2009 - 10:34 AM

OK, I have to go elsewhere for a while, but will do this ASAP meaning tonight or tomorrow morning.

#6 013

Posted 02 December 2009 - 08:12 AM

All right, after some difficulties I managed to get some data for you. I tried to shut down my firewall (Online Armor free), but couldn't make it shut up and quit nagging completely while running ComboFix. However, here's the log; I don't know how badly the firewall interfered with it. HJT log is included, too. Hope these help.

Logfiles start after the line and are not separated with any lines.

------------------------------------------------------------------------------

ComboFix 09-12-02.01 - Scorpio 02.12.2009 13:25.2.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.358.1033.18.1024.343 [GMT 2:00]
Sijainti: c:\users\Scorpio\Desktop\ComboFix.exe
Käytetyt komentorivivalitsimet :: c:\users\Scorpio\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
* Uusi palautuspiste luotu

FILE ::
"C:\bkolysc.exe"
"C:\cpyn.exe"
"C:\fiwtn.exe"
"C:\fwurmwio.exe"
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bkolysc.exe
C:\cpyn.exe
C:\fwurmwio.exe
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat . . . . poisto epäonnistui
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat . . . . poisto epäonnistui

----- BITS: Mahdollisesti saastuneet sivut -----

hxxp://www.search-up.com
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-11-02 to 2009-12-02 )))))))))))))))))
.

2009-12-02 12:22 . 2009-12-02 12:38 -------- d-----w- c:\users\Scorpio\AppData\Local\temp
2009-12-02 12:22 . 2009-12-02 12:22 -------- d-----w- c:\users\Samu\AppData\Local\temp
2009-12-02 12:22 . 2009-12-02 12:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-02 12:22 . 2009-12-02 12:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-02 12:22 . 2009-12-02 12:22 -------- d-----w- c:\users\Mira\AppData\Local\temp
2009-12-02 12:22 . 2009-12-02 12:22 -------- d-----w- c:\users\Games\AppData\Local\temp
2009-12-02 12:22 . 2009-12-02 12:22 -------- d-----w- c:\users\Annica\AppData\Local\temp
2009-12-01 12:48 . 2009-12-01 12:48 -------- d-----w- c:\users\Samu\AppData\Local\Mozilla
2009-11-28 21:05 . 2009-11-28 21:30 8192 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-28 21:05 . 2009-11-28 21:13 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-28 20:19 . 2009-11-28 20:20 -------- d-----w- c:\users\Samu\AppData\Roaming\OnlineArmor
2009-11-28 19:01 . 2009-11-29 11:19 4096 d-----w- c:\users\Scorpio\AppData\Roaming\OnlineArmor
2009-11-28 19:01 . 2009-11-28 20:22 -------- d-----w- c:\programdata\OnlineArmor
2009-11-28 19:00 . 2009-11-04 03:05 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys
2009-11-28 19:00 . 2009-11-04 03:05 30800 ----a-w- c:\windows\system32\drivers\OAnet.sys
2009-11-28 19:00 . 2009-11-04 03:05 219728 ----a-w- c:\windows\system32\drivers\OADriver.sys
2009-11-28 19:00 . 2009-11-28 19:00 -------- d-----w- c:\program files\Tall Emu
2009-11-28 17:18 . 2009-11-28 17:18 110440 ----a-w- c:\users\Samu\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-28 16:24 . 2009-11-28 16:25 -------- d-----w- C:\HJT
2009-11-28 12:43 . 2009-11-28 12:43 -------- d-----w- c:\users\Samu\AppData\Local\Opera
2009-11-27 09:45 . 2009-11-27 09:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-27 09:45 . 2009-11-27 09:45 -------- d-----w- c:\program files\Java
2009-11-27 09:16 . 2009-11-27 09:16 -------- d-----w- c:\users\Scorpio\AppData\Roaming\Malwarebytes
2009-11-27 09:16 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-27 09:16 . 2009-11-27 09:16 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-27 09:16 . 2009-11-27 09:16 -------- d-----w- c:\programdata\Malwarebytes
2009-11-27 09:16 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-26 21:49 . 2009-11-26 21:49 -------- d-----w- c:\programdata\Hewlett-Packard
2009-11-26 21:49 . 2009-09-01 22:20 281600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpcpp091.dll
2009-11-26 21:48 . 2009-02-25 17:57 18944 ----a-w- c:\windows\system32\hppmopjl.dll
2009-11-26 21:48 . 2009-02-25 15:32 64024 ----a-w- c:\windows\system32\hppccompio.dll
2009-11-26 21:48 . 2009-09-01 22:03 233472 ----a-w- c:\windows\system32\hpmtp091.dll
2009-11-26 21:48 . 2009-09-01 22:03 299008 ----a-w- c:\windows\system32\hpmml091.DLL
2009-11-26 21:48 . 2009-09-01 22:03 249856 ----a-w- c:\windows\system32\hpmpm081.DLL
2009-11-26 21:48 . 2009-09-01 22:03 208896 ----a-w- c:\windows\system32\hpmpw081.DLL
2009-11-26 21:48 . 2009-09-01 22:03 225280 ----a-w- c:\windows\system32\hpmja091.DLL
2009-11-26 21:48 . 2009-09-01 22:19 161280 ----a-w- c:\windows\system32\hpcpn091.dll
2009-11-26 21:48 . 2009-02-25 15:32 59928 ----a-w- c:\windows\system32\fxcompchannel.dll
2009-11-26 21:48 . 2009-08-04 13:48 49250 ----a-w- c:\windows\system32\HPMNNDPS.DLL
2009-11-26 21:48 . 2009-08-04 13:48 49252 ----a-w- c:\windows\system32\HPMNQUE.DLL
2009-11-26 21:38 . 2009-11-26 21:38 -------- d-----w- C:\HP Universal Print Driver PCL5 v5.0.1
2009-11-25 13:56 . 2009-10-29 07:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-21 15:29 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-11-21 15:29 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-11-21 15:29 . 2008-03-05 13:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2009-11-21 15:29 . 2008-02-05 21:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2009-11-21 15:29 . 2008-03-05 13:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2009-11-21 15:29 . 2007-04-04 16:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-11-20 22:58 . 2009-11-20 22:58 -------- d-----w- c:\programdata\F-Secure
2009-11-20 22:26 . 2009-11-20 22:26 47616 ----a-w- c:\windows\wupd.dll
2009-11-20 22:21 . 2009-11-20 22:21 -------- d-----w- c:\users\Annica\AppData\Roaming\uTorrent
2009-11-18 14:16 . 2009-11-18 14:21 -------- d-----w- c:\users\Scorpio\AppData\Roaming\Spotify
2009-11-18 14:16 . 2009-11-18 14:17 -------- d-----w- c:\users\Scorpio\AppData\Local\Spotify
2009-11-18 14:16 . 2009-11-18 14:16 -------- d-----w- c:\program files\Spotify
2009-11-18 14:09 . 2009-11-18 14:09 79367 ----a-w- c:\users\Scorpio\AppData\Roaming\Google\Google Talk\uninstall.exe
2009-11-17 12:47 . 2009-09-22 14:29 81408 ----a-w- c:\windows\system32\devcon_x64.exe
2009-11-17 12:47 . 2009-09-22 14:29 55808 ----a-w- c:\windows\system32\devcon.exe
2009-11-17 12:47 . 2009-11-17 13:03 4096 d-----w- c:\program files\Driver Checker
2009-11-15 11:08 . 2009-11-15 11:08 -------- d-----w- c:\users\Mira\AppData\Local\Diagnostics
2009-11-12 11:39 . 2009-11-12 11:39 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-07 08:45 . 2009-11-07 08:45 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-11-07 08:39 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-11-07 07:56 . 2009-11-07 07:56 -------- d-----w- c:\users\Annica\AppData\Local\Opera
2009-11-06 08:59 . 2009-11-06 08:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 08:59 . 2009-11-06 08:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-05 15:09 . 2009-11-05 15:09 -------- d-----w- c:\program files\iPod
2009-11-05 15:05 . 2009-11-05 15:05 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-02 16:05 . 2009-11-02 16:05 167064 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-02 16:05 . 2009-11-02 16:05 71832 ----a-w- c:\windows\system32\xliveinstallhost.exe

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-02 12:38 . 2009-09-30 11:44 12288 d-----w- c:\users\Scorpio\AppData\Roaming\uTorrent
2009-11-28 21:35 . 2009-09-30 15:27 78882 ----a-w- c:\windows\system32\perfc00B.dat
2009-11-28 21:35 . 2009-09-30 15:27 433166 ----a-w- c:\windows\system32\perfh00B.dat
2009-11-28 07:53 . 2008-12-10 04:33 4096 d-----w- c:\program files\Opera
2009-11-24 23:54 . 2008-12-10 04:37 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:49 . 2008-12-10 04:37 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-12-10 04:37 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-12-10 04:37 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-23 16:03 . 2009-10-01 16:32 4096 d-----w- c:\users\Scorpio\AppData\Roaming\Apple Computer
2009-11-17 13:24 . 2009-09-30 17:08 12288 d-----w- c:\programdata\Microsoft Help
2009-11-15 12:03 . 2009-09-29 11:30 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2009-11-15 12:03 . 2009-09-29 11:30 460592 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-11-07 08:52 . 2009-09-30 15:38 4096 d-----w- c:\program files\Windows Live
2009-11-07 08:05 . 2009-10-02 08:02 110440 ----a-w- c:\users\Games\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-05 15:09 . 2009-10-01 16:19 -------- d-----w- c:\program files\Common Files\Apple
2009-11-05 15:09 . 2009-10-01 16:22 -------- d-----w- c:\programdata\Apple Computer
2009-11-02 18:50 . 2009-11-02 18:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf
2009-11-02 18:49 . 2009-10-01 16:19 -------- d-----w- c:\programdata\Apple
2009-11-02 18:42 . 2009-10-03 01:31 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 13:44 . 2009-09-29 16:00 8192 d-----w- c:\program files\DivX
2009-11-01 13:44 . 2009-09-29 16:00 4096 d-----w- c:\program files\Common Files\DivX Shared
2009-10-30 21:13 . 2009-10-30 21:13 -------- d-----w- c:\program files\GetData
2009-10-30 18:56 . 2009-10-29 11:05 4096 d-----w- c:\program files\DIY DataRecovery iRecover
2009-10-27 14:35 . 2009-10-27 14:35 -------- d-----w- c:\program files\ATI
2009-10-27 14:34 . 2009-10-27 14:34 -------- d-----w- c:\program files\ATI Technologies
2009-10-27 14:22 . 2009-10-27 14:22 -------- d-----w- c:\users\Scorpio\AppData\Roaming\atitray
2009-10-25 10:02 . 2009-10-25 09:57 4096 d-----w- c:\program files\Ext2Fsd
2009-10-25 09:04 . 2009-10-24 18:23 -------- d-----w- c:\users\Scorpio\AppData\Roaming\JAM Software
2009-10-25 09:03 . 2009-10-24 18:23 -------- d-----w- c:\program files\JAM Software
2009-10-23 06:34 . 2009-10-23 06:34 110440 ----a-w- c:\users\Mira\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-23 06:34 . 2009-10-23 06:34 -------- d-----w- c:\users\Mira\AppData\Roaming\ATI
2009-10-22 20:03 . 2009-10-22 20:03 -------- d-----w- c:\program files\EASEUS
2009-10-22 20:03 . 2009-09-28 20:58 8192 d--h--w- c:\program files\InstallShield Installation Information
2009-10-22 19:03 . 2009-10-22 19:03 -------- d-----w- c:\program files\Recuva
2009-10-22 19:00 . 2009-10-22 19:00 -------- d-----w- c:\program files\Western Digital Corporation
2009-10-18 10:27 . 2009-10-18 10:27 -------- d-----w- c:\users\Scorpio\AppData\Roaming\Media Organizing Systems, Inc
2009-10-18 10:25 . 2009-10-10 08:24 -------- d-----w- c:\users\Scorpio\AppData\Roaming\Remove Duplicate Files Automatically
2009-10-17 05:26 . 2009-10-17 05:26 16896 ----a-w- c:\windows\system32\drivers\dc3d.sys
2009-10-15 16:56 . 2009-10-15 16:56 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2009-10-10 16:56 . 2009-10-10 16:56 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-10-09 16:14 . 2009-10-09 16:14 34308 ----a-w- c:\programdata\mazuki.dll
2009-10-09 16:14 . 2009-10-09 16:14 34308 ----a-w- c:\programdata\mazuki.dll
2009-10-09 12:01 . 2009-10-09 12:01 -------- d-----w- c:\users\Scorpio\AppData\Roaming\tidysongs15.27F6A35B76E5883BF9E6FEE514586561E60595CA.1
2009-10-09 11:57 . 2009-10-09 11:57 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-09 11:57 . 2009-11-28 12:40 38208 ----a-w- c:\users\Samu\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-09 11:57 . 2009-10-23 06:33 38208 ----a-w- c:\users\Mira\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-09 11:57 . 2009-10-22 08:05 38208 ----a-w- c:\users\Annica\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-09 11:57 . 2009-10-09 11:57 38208 ----a-w- c:\users\Scorpio\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-09 11:57 . 2009-10-09 11:57 38208 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-09 08:01 . 2008-12-10 05:55 110440 ----a-w- c:\users\Scorpio\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-09 05:57 . 2009-10-09 05:57 460592 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2009-10-05 06:52 . 2009-10-05 06:51 4096 d-----w- c:\program files\TVersity Codec Pack
2009-10-02 13:33 . 2009-10-02 13:33 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-10-02 06:51 . 2009-10-02 06:51 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-02 04:06 . 2009-10-18 07:49 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-30 18:33 . 2009-09-30 14:26 5098496 ----a-w- C:\unetbtin.exe
2009-09-30 15:26 . 2009-09-30 15:27 279790 ----a-w- c:\windows\system32\perfi00B.dat
2009-09-30 15:26 . 2009-09-30 15:27 38258 ----a-w- c:\windows\system32\perfd00B.dat
2009-09-30 15:26 . 2009-09-30 15:26 38258 ----a-w- c:\windows\inf\PERFLIB\040B\perfd.dat
2009-09-30 15:26 . 2009-09-30 15:26 38258 ----a-w- c:\windows\inf\PERFLIB\040B\perfc.dat
2009-09-30 15:26 . 2009-09-30 15:26 279790 ----a-w- c:\windows\inf\PERFLIB\040B\perfi.dat
2009-09-30 15:26 . 2009-09-30 15:26 279790 ----a-w- c:\windows\inf\PERFLIB\040B\perfh.dat
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-23 23:00 . 2009-09-23 23:00 5161472 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2009-09-23 22:28 . 2009-09-23 22:28 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-09-23 22:28 . 2009-09-23 22:28 360448 ----a-w- c:\windows\system32\atieclxx.exe
2009-09-23 22:27 . 2009-07-30 05:40 172032 ----a-w- c:\windows\system32\atiesrxx.exe
2009-09-23 22:26 . 2009-09-23 22:26 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2009-09-23 22:26 . 2009-09-23 22:26 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2009-09-23 22:25 . 2009-09-23 22:25 274432 ----a-w- c:\windows\system32\Oemdspif.dll
2009-09-23 22:25 . 2009-09-23 22:25 11776 ----a-w- c:\windows\system32\atimuixx.dll
2009-09-23 22:25 . 2009-09-23 22:25 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-09-23 22:22 . 2009-09-23 22:22 3009536 ----a-w- c:\windows\system32\atidxx32.dll
2009-09-23 22:06 . 2009-09-23 22:06 3593216 ----a-w- c:\windows\system32\atiumdag.dll
2009-09-23 21:55 . 2009-09-23 21:55 12603904 ----a-w- c:\windows\system32\atioglxx.dll
2009-09-23 21:48 . 2009-09-23 21:48 2849792 ----a-w- c:\windows\system32\atiumdva.dll
2009-09-23 21:36 . 2009-09-23 21:36 52224 ----a-w- c:\windows\system32\atimpc32.dll
2009-09-23 21:36 . 2009-09-23 21:36 52224 ----a-w- c:\windows\system32\amdpcom32.dll
2009-09-23 21:36 . 2009-09-23 21:36 204800 ----a-w- c:\windows\system32\atiadlxx.dll
2009-09-23 21:33 . 2009-09-23 21:33 53248 ----a-w- c:\windows\system32\aticalrt.dll
2009-09-23 21:33 . 2009-09-23 21:33 53248 ----a-w- c:\windows\system32\aticalcl.dll
2009-09-23 21:32 . 2009-09-23 21:32 3502080 ----a-w- c:\windows\system32\aticaldd.dll
2009-09-23 21:21 . 2009-09-23 21:21 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-09-15 11:55 . 2008-12-10 04:37 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 11:55 . 2008-12-10 04:37 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 11:55 . 2008-12-10 04:37 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-09-10 05:52 . 2009-10-16 09:35 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-07 00:13 . 2009-09-07 00:13 69382 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-06-27 10:10 . 2009-06-27 10:10 5843968 ----a-w- c:\program files\RemoveDuplicateFilesAutomatically.exe
2009-06-27 10:03 . 2009-06-27 10:03 23752 ----a-w- c:\program files\scr.dat
2009-06-27 10:03 . 2009-06-27 10:03 944 ----a-w- c:\program files\ic.dat
2009-06-27 10:03 . 2009-06-27 10:03 78088 ----a-w- c:\program files\PacificLogicOle.dll
2009-06-27 10:03 . 2009-06-27 10:03 4444160 ----a-w- c:\program files\Nevron.Presentation.dll
2009-06-27 10:03 . 2009-06-27 10:03 442368 ----a-w- c:\program files\Nevron.System.dll
2009-06-27 10:03 . 2009-06-27 10:03 339968 ----a-w- c:\program files\PacificLogic.Network.WebBrowserWrapper.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-11-27_10.36.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-10 04:59 . 2009-11-27 20:07 43404 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2009-12-02 12:39 43082 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 04:50 . 2009-11-26 21:50 86016 c:\windows\System32\DriverStore\infpub.dat
+ 2009-07-14 04:50 . 2009-11-28 19:01 86016 c:\windows\System32\DriverStore\infpub.dat
+ 2009-11-28 19:00 . 2009-11-04 03:05 30800 c:\windows\System32\DriverStore\FileRepository\oanet.inf_x86_neutral_a40e9675c7df8856\OAnet.sys
+ 2008-12-10 04:02 . 2009-12-02 12:30 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-10 04:02 . 2009-11-27 10:09 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-10 04:02 . 2009-12-02 12:30 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2009-11-27 10:09 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2009-12-02 12:30 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-10 04:37 . 2009-11-27 10:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-10 04:37 . 2009-12-02 12:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-10 04:37 . 2009-11-27 10:11 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-10 04:37 . 2009-12-02 12:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-10 04:37 . 2009-11-27 10:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-10 04:37 . 2009-12-02 12:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-10 08:06 . 2009-12-02 12:28 4606 c:\windows\System32\wdi\ERCQueuedResolutions.dat
+ 2008-12-10 04:08 . 2009-12-02 12:39 8528 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2815692588-2460191661-559364892-1000_UserData.bin
+ 2009-12-01 15:37 . 2009-12-02 12:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-11-27 10:07 . 2009-11-27 10:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-12-01 15:37 . 2009-12-02 12:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-11-27 10:07 . 2009-11-27 10:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-09-29 03:34 . 2009-12-02 10:12 333110 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:05 . 2009-11-28 21:35 607298 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2009-11-27 10:14 607298 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2009-11-28 21:35 103676 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2009-11-27 10:14 103676 c:\windows\System32\perfc009.dat
- 2009-07-14 04:50 . 2009-11-26 21:50 143360 c:\windows\System32\DriverStore\infstrng.dat
+ 2009-07-14 04:50 . 2009-11-28 19:01 143360 c:\windows\System32\DriverStore\infstrng.dat
- 2009-07-14 04:50 . 2009-11-26 21:50 143360 c:\windows\System32\DriverStore\infstor.dat
+ 2009-07-14 04:50 . 2009-11-28 19:00 143360 c:\windows\System32\DriverStore\infstor.dat
+ 2008-12-10 04:10 . 2009-12-02 12:30 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2008-12-10 04:10 . 2009-11-24 21:38 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 02:03 . 2009-12-02 10:32 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:03 . 2009-11-27 10:22 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-11-28 07:52 . 2009-11-28 07:52 12508672 c:\windows\Installer\288e40f.msi
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SandboxieControl"="f:\program files\Sandboxie\SbieCtrl.exe" [2009-09-30 387584]
"uTorrent"="f:\program files\uTorrent.exe" [2009-09-30 289072]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"AtiTrayTools"="f:\program files\Ray Adams\ATI Tray Tools\atitray.exe" [2008-09-17 585728]
"googletalk"="c:\users\Scorpio\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]
"anysee_TR"="c:\program files\anysee\anysee-E30Series\anysee_TR.exe" [2009-03-16 1417216]
"anysee CNO(Media Center PlugIn)"="c:\program files\anysee\Driver\CNO.EXE" [2009-03-30 1028096]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-27 149280]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-11-04 6615752]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2009-04-14 604704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-11-04 923336]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R1 AMTBDA_P861F;anysee Capture Service;c:\windows\System32\drivers\anyseeTU.SYS [30.3.2009 10:50 496256]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [10.12.2008 6:37 114768]
R1 atitray;atitray;f:\program files\Ray Adams\ATI Tray Tools\atitray.sys [8.9.2008 19:32 18336]
R1 Ext2fs;Ext2fs;c:\windows\System32\drivers\ext2fs.sys [18.10.2009 13:22 181120]
R1 Ext2Fsd;Linux ext2 file system driver;c:\windows\System32\drivers\ext2fsd.sys [25.10.2009 11:57 659592]
R1 IfsMount;IfsMount;c:\windows\System32\drivers\ifsmount.sys [18.10.2009 13:22 51072]
R1 OADevice;OADriver;c:\windows\System32\drivers\OADriver.sys [28.11.2009 21:00 219728]
R1 OAmon;OAmon;c:\windows\System32\drivers\OAmon.sys [28.11.2009 21:00 24656]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [30.7.2009 7:40 172032]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [10.12.2008 6:37 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [10.12.2008 6:37 53328]
R2 fssfltr;fssfltr;c:\windows\System32\drivers\fssfltr.sys [30.9.2009 17:41 54632]
R2 fsssvc;Windows Live -perheturvapalvelu;c:\program files\Windows Live\Family Safety\fsssvc.exe [5.8.2009 21:48 704864]
R2 NfsClnt;NFS-asiakas;c:\windows\System32\nfsclnt.exe [14.7.2009 1:14 52736]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [28.11.2009 21:00 1282248]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [28.11.2009 23:05 1153368]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [28.11.2009 21:00 3282120]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\System32\drivers\dc3d.sys [17.10.2009 7:26 16896]
R3 NfsRdr;NFS-uudelleenohjauksen asiakas;c:\windows\System32\drivers\nfsrdr.sys [14.7.2009 1:14 201216]
R3 OAnet;OnlineArmor Service;c:\windows\System32\drivers\OAnet.sys [28.11.2009 21:00 30800]
R3 PAC207;SoC PC-Camera;c:\windows\System32\drivers\PFC027.SYS [5.12.2006 10:34 507136]
R3 PsxDrv;PsxDrv;c:\windows\System32\drivers\psxdrv.sys [14.7.2009 1:23 9216]
R3 RpcXdr;NFS-palvelimen ONCRPC;c:\windows\System32\drivers\rpcxdr.sys [14.7.2009 1:14 86528]
R3 SbieDrv;SbieDrv;f:\program files\Sandboxie\SbieDrv.sys [30.9.2009 11:15 116736]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\System32\drivers\netaapl.sys [28.8.2009 18:42 17408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LPDService REG_MULTI_SZ LPDSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
'Ajoitetut tehtävät'-kansion sisältö

2009-12-02 c:\windows\Tasks\WindowsUpdate.job
- c:\windows\wupd.dll [2009-11-20 22:26]
.
.
------- Täydentävä tarkistus -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Scorpio\AppData\Roaming\Mozilla\Firefox\Profiles\1mhmt63b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fi/ig?tab=mw&hl=fi&source=iglk
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Win7codecs\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: f:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: f:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: f:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- FIREFOXIN KÄYTÄNNÖT ----
user_pref('capability.policy.policynames', 'localfilelinks');user_pref('capability.policy.localfilelinks.sites', 'hxxp://www.webmynd.com http://www.google.com');user_pref('capability.policy.localfilelinks.checkloaduri.enabled', 'allAccess');f:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Prosesseihin ladatut DLLt ---------------------

- - - - - - - > 'Explorer.exe'(5708)
c:\program files\Tall Emu\Online Armor\OAwatch.dll
f:\program files\Ray Adams\ATI Tray Tools\raphook.dll
c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll
.
------------------------ Muut prosessit ------------------------
.
c:\windows\system32\psxss.exe
c:\windows\system32\atieclxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
f:\program files\Sandboxie\SbieSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Alwil Software\Avast4\setup\avast.setup
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Tall Emu\Online Armor\OAhlp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Valmistumisajankohta: 2009-12-02 14:54 - kone käynnistettiin uudelleen
ComboFix-quarantined-files.txt 2009-12-02 12:54
ComboFix2.txt 2009-11-27 10:43

Ennen ajoa: 125 039 333 376 tavua vapaana
Ajon jälkeen: 125 002 866 688 tavua vapaana

- - End Of File - - CC4204491770B5ABDA1620F327F20817





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:01:15, on 2.12.2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\anysee\anysee-E30Series\anysee_TR.exe
C:\Program Files\anysee\Driver\CNO.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
F:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
F:\Program Files\Sandboxie\SbieCtrl.exe
F:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\HJT\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30Series\anysee_TR.exe
O4 - HKLM\..\Run: [anysee CNO(Media Center PlugIn)] C:\Program Files\anysee\Driver\CNO.EXE
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SandboxieControl] "F:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [uTorrent] "F:\Program Files\uTorrent.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [AtiTrayTools] "F:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [googletalk] C:\Users\Scorpio\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/o...utodetectNT.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1228889225611
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - F:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: TVersityMediaServer - Unknown owner - F:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 8024 bytes

#7 nasdaq

Posted 02 December 2009 - 09:21 AM

Nice work, your HijackThis log is clean.

Please read this Prevention page with lots of info and tips on how to prevent this in the future.
How did I get infected in the first place?
http://spywareinfofo...showtopic=60955

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall
===
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#8 013

Posted 08 December 2009 - 07:46 AM

Thank you, thank you, thank you a million!

There is no sign whatsoever of any infection any more. I will donate as soon as I receive my next salary.

Once more: thank you!

#9 nasdaq

Posted 08 December 2009 - 09:47 AM

Glad we could help.

Thank you for your support.
nasdaq




