Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

HELP!!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

MY DSC

Unread postby blueranger » October 27th, 2006, 5:51 pm

Kim - I think this is an old file but not 100%, had a look at properties and was created in 2004. Dont think this is causing problem but am happy to remove if not sure. Think its something to do with an old digital camera.
blueranger
Regular Member
 
Posts: 58
Joined: October 21st, 2006, 11:38 am
Advertisement
Register to Remove

Unread postby Kimberly » October 27th, 2006, 6:02 pm

Ok thank you for checking ... no need to remove it, I just wanted to be sure.

I'm going over the win.txt files now.
User avatar
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Unread postby Kimberly » October 27th, 2006, 6:38 pm

Hello Mark,

We are serveral working on the infection, so please bear with us. :)

In regards to the my DSC ... looks like a Cam so nothing to worry about. :)

[Services\DCamUSBSQTECH]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):53,79,73,74,65,6d,33,32,5c,44,72,69,76,65,72,73,5c,53,51,63,\
61,70,74,75,72,2e,73,79,73,00
"DisplayName"="Dual-Mode DSC(2770)"

I don't think that I will have something new before tomorrow. I'm planning to install your infection and see if I can figure out what the entry relations means or does in the svchost key. Normally every entry in that key represents a driver / service but it does not show up in the registry export.

Take care and don't worry. :)

Kim
User avatar
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Unread postby Kimberly » October 27th, 2006, 6:50 pm

I would like to see another registry key but I need to know it's value first please.

Copy/paste the following quote box into a new notepad (not wordpad) document.

regedit /e /a %systemdrive%\regkey.txt "HKEY_LOCAL_MACHINE\SYSTEM\Select"
notepad %systemdrive%\regkey.txt
del /q %systemdrive%\regkey.txt

Save it to your Desktop as regkey.bat. Save it as:
File Type: All Files (not as a text document or it wont work).
Name:regkey.bat

Locate regkey.bat on your Desktop and double-click it. When notepad opens, copy/paste the content in your reply. When you close Notepad the CMD window will close automatically and the text file will be deleted.

thanks :)
User avatar
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

HELP

Unread postby blueranger » October 28th, 2006, 3:09 am

Good morning Kim :lol:

Here is the info you requested:

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\Select]
"Current"=dword:00000003
"Default"=dword:00000003
"Failed"=dword:00000001
"LastKnownGood"=dword:00000002

I will be going out at 9:30am (gmt) and will be back at 13:00pm (gmt). If you let me know when you're around I will make sure I am so hopefully we can continue to make some good progress. :!:
blueranger
Regular Member
 
Posts: 58
Joined: October 21st, 2006, 11:38 am

Unread postby Kimberly » October 28th, 2006, 10:53 am

Hello Mark,

I should have told you, I usually connect after 16:00 PM (GMT + 1)

I would need two other exports to compare them to the first ones.

Re- Download dumpwin.zip to your desktop as I did update the file.
http://images.malwareremoval.com/Kimberly/dumpwin.zip

Unzip to your desktop, overwrite all existing files. Open the dumpwin folder, click dumpwin.bat.

The log might be huge, to much to post here so please upload to spykiller forum.

Please click on the link below.
http://www.thespykiller.co.uk/forum/ind ... ;board=1.0

You will be taken to a new post page (at a different forum)
In the subject box put Chinese infection for Kimberly
Please put your name and email in the box. In the message portion, please paste this:
Code: Select all
win.txt file for Kimberly (normal mode) - CS2
logfile: http://forum.malwareremoval.com/viewtopic.php?t=14727

Then, by the attach bar at the bottom, hit 'browse'. Click on My computer, then on Local Disk C.
Find the file below and hit ok:

win.txt

Then click submit to upload that file.

Once done, Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • login under your usual account.
Open the dumpwin folder, click dumpwin.bat.

Reboot in Normal Mode.

Please click on the link below.
http://www.thespykiller.co.uk/forum/ind ... ;board=1.0

You will be taken to a new post page (at a different forum)
In the subject box put Chinese infection for Kimberly
Please put your name and email in the box. In the message portion, please paste this:
Code: Select all
win.txt file for Kimberly (safe mode) - CS2
logfile: http://forum.malwareremoval.com/viewtopic.php?t=14727

Then, by the attach bar at the bottom, hit 'browse'. Click on My computer, then on Local Disk C.
Find the file below and hit ok:

win.txt

Then click submit to upload that file.

Thank you very much. :)

PS, if at any time you get chinese popups again or your homepage is changed, let me know please.

Kim
User avatar
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Help

Unread postby blueranger » October 28th, 2006, 11:20 am

Good Afternoon Kim :)

I saved the dumpwin folder on my desktop. I ran the program as you asked but a win.txt file was not saved. I have done a search and none was created. Is the batch file correct, it appeared on my screen for less than a second.

Thanks

Mark
blueranger
Regular Member
 
Posts: 58
Joined: October 21st, 2006, 11:38 am

Unread postby Kimberly » October 28th, 2006, 12:02 pm

Re-download please, should be ok now. I need some coffee to wake up :lol:
User avatar
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

HELP!!!

Unread postby blueranger » October 28th, 2006, 12:19 pm

Hi Kim

I posted the logs you requested :)

Will wait for your instructions.

Thanks

Mark
blueranger
Regular Member
 
Posts: 58
Joined: October 21st, 2006, 11:38 am

Unread postby Kimberly » October 28th, 2006, 1:09 pm

Hello Mark,

Thank you very much. I'm looking them up. It might take some time because they are huge.

Open the Regsearch folder and click on regsearch.exe
Do a search for :

iSPONER

next line rundll.exe

Post results please.


Next, I want to check that C:\WINDOWS\SYSTEM32\RUNDLL.EXE is really gone.

Click Start > Run
copy / paste this line C:\WINDOWS\SYSTEM32 and hit enter.

Explorer will open, look if you find RUNDLL.EXE.

If present ....

Double-click Killbox.exe to run it.

Next, you will be entering items into Pocket KillBox. Please select the “Delete on Rebootâ€
User avatar
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Help

Unread postby blueranger » October 28th, 2006, 1:15 pm

Kim

First log:

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 28/10/2006 18:14:15 for strings:
; 'isponer'
; 'rundll.exe'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation]
"KillList"="%1;explorer.exe;dvdplay.exe;mplay32.exe;msohtmed.exe;quikview.exe;rundll.exe;rundll32.exe;taskman.exe;bck32api.dll;"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application]
; Contents of value:
; WSH
; WMIAdapter Wmdm
; WmdmPmSN WinMgmt Winlogo
; WinMgmt Winlogon Windows Product
; Winlogon Windows Product Activation Windo
; Windows Product Activation Windows 3.1 Migration WebClient VSS VBRun
; Windows 3.1 Migration WebClient VSS VBRuntime Userinit Userenv UploadM SysmonLog SpoolerCt
; WebClient VSS VBRuntime Userinit Userenv UploadM SysmonLog SpoolerCtrs Software Installation SclgNtf
; VSS VBRuntime Userinit Userenv UploadM SysmonLog SpoolerCtrs Software Installation SclgNtfy SceSrv SceCl
; VBRuntime Userinit Userenv UploadM SysmonLog SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli safrslv SAFr
; Userinit Userenv UploadM SysmonLog SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS
; Userenv UploadM SysmonLog SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon
; UploadM SysmonLog SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk
; SysmonLog SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook
; SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley n
; Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC
; SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Mi
; SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 1
; SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Jav
; safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER He
; SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Red
; PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Dep
; PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSys
; PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL
; Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQu
; Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+
; PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms
; Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Al
; Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrol
; Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Applicat
; Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Applic
; ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Appli
; MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error app
; MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; Autochk Application Management Application Hang Application Error apphelp Application
; Application Management Application Hang Application Error apphelp Application
; Application Hang Application Error apphelp Application
; Application Error apphelp Application
; apphelp Application
; Application
;
"Sources"=hex(7):57,53,48,00,57,4d,49,41,64,61,70,74,65,72,00,57,6d,64,6d,50,\
6d,53,4e,00,57,69,6e,4d,67,6d,74,00,57,69,6e,6c,6f,67,6f,6e,00,57,69,6e,64,\
6f,77,73,20,50,72,6f,64,75,63,74,20,41,63,74,69,76,61,74,69,6f,6e,00,57,69,\
6e,64,6f,77,73,20,33,2e,31,20,4d,69,67,72,61,74,69,6f,6e,00,57,65,62,43,6c,\
69,65,6e,74,00,56,53,53,00,56,42,52,75,6e,74,69,6d,65,00,55,73,65,72,69,6e,\
69,74,00,55,73,65,72,65,6e,76,00,55,70,6c,6f,61,64,4d,00,53,79,73,6d,6f,6e,\
4c,6f,67,00,53,70,6f,6f,6c,65,72,43,74,72,73,00,53,6f,66,74,77,61,72,65,20,\
49,6e,73,74,61,6c,6c,61,74,69,6f,6e,00,53,63,6c,67,4e,74,66,79,00,53,63,65,\
53,72,76,00,53,63,65,43,6c,69,00,73,61,66,72,73,6c,76,00,53,41,46,72,64,6d,\
73,00,50,65,72,66,50,72,6f,63,00,50,65,72,66,4f,53,00,50,65,72,66,4e,65,74,\
00,50,65,72,66,6d,6f,6e,00,50,65,72,66,6c,69,62,00,50,65,72,66,44,69,73,6b,\
00,50,65,72,66,63,74,72,73,00,4f,75,74,6c,6f,6f,6b,00,4f,66,66,6c,69,6e,65,\
20,46,69,6c,65,73,00,4f,61,6b,6c,65,79,00,6e,74,62,61,63,6b,75,70,00,4d,53,\
53,4f,41,50,00,4d,73,69,49,6e,73,74,61,6c,6c,65,72,00,4d,53,44,54,43,20,43,\
6c,69,65,6e,74,00,4d,53,44,54,43,00,4d,53,44,4d,69,6e,65,00,6d,6e,6d,73,72,\
76,63,00,4d,69,63,72,6f,73,6f,66,74,20,4f,66,66,69,63,65,20,31,31,00,4c,6f,\
61,64,50,65,72,66,00,4a,61,76,61,20,56,4d,00,69,53,50,4f,4e,45,52,00,48,65,\
6c,70,53,76,63,00,46,6f,6c,64,65,72,20,52,65,64,69,72,65,63,74,69,6f,6e,00,\
46,69,6c,65,20,44,65,70,6c,6f,79,6d,65,6e,74,00,45,76,65,6e,74,53,79,73,74,\
65,6d,00,45,53,45,4e,54,00,45,41,50,4f,4c,00,44,72,57,61,74,73,6f,6e,00,44,\
69,73,6b,51,75,6f,74,61,00,63,72,79,70,74,33,32,00,43,4f,4d,2b,00,43,69,00,\
43,68,6b,64,73,6b,00,41,76,67,45,6d,73,00,41,76,67,37,55,70,64,53,76,63,00,\
41,76,67,37,41,6c,72,74,00,41,56,47,37,00,41,75,74,6f,45,6e,72,6f,6c,6c,6d,\
65,6e,74,00,41,75,74,6f,63,68,6b,00,41,70,70,6c,69,63,61,74,69,6f,6e,20,4d,\
61,6e,61,67,65,6d,65,6e,74,00,41,70,70,6c,69,63,61,74,69,6f,6e,20,48,61,6e,\
67,00,41,70,70,6c,69,63,61,74,69,6f,6e,20,45,72,72,6f,72,00,61,70,70,68,65,\
6c,70,00,41,70,70,6c,69,63,61,74,69,6f,6e,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\iSPONER]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\iSPONER]
; Contents of value:
; c:\windows\system32\rundll.exe c:\windows\system32\wbem\kjrtml61.dll,export 1087
"EventMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,53,59,53,54,45,4d,\
33,32,5c,52,55,4e,44,4c,4c,2e,45,58,45,20,43,3a,5c,57,49,4e,44,4f,57,53,5c,\
53,59,53,54,45,4d,33,32,5c,57,42,45,4d,5c,4b,4a,52,54,4d,4c,36,31,2e,44,4c,\
4c,2c,45,78,70,6f,72,74,20,31,30,38,37,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application]
; Contents of value:
; Microsoft H.323 Telephony Service Provider
; WSH WMIAdapter WmdmPmSN WinMgmt Winlogon Window
; WMIAdapter WmdmPmSN WinMgmt Winlogon Windows Product Activ
; WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Mi
; WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WebClient
; Winlogon Windows Product Activation Windows 3.1 Migration WebClient VSS VBRuntime Us
; Windows Product Activation Windows 3.1 Migration WebClient VSS VBRuntime Userinit Userenv UploadM SysmonLog Spo
; Windows 3.1 Migration WebClient VSS VBRuntime Userinit Userenv UploadM SysmonLog SpoolerCtrs Software Installation SclgNtfy SceSrv Sc
; WebClient VSS VBRuntime Userinit Userenv UploadM SysmonLog SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc Pe
; VSS VBRuntime Userinit Userenv UploadM SysmonLog SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet P
; VBRuntime Userinit Userenv UploadM SysmonLog SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib
; Userinit Userenv UploadM SysmonLog SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs
; Userenv UploadM SysmonLog SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline F
; UploadM SysmonLog SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntba
; SysmonLog SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiIns
; SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MS
; Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Offi
; SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER
; SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder R
; SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection Fil
; safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment Ev
; SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT
; PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson Di
; PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32
; PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk
; Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSv
; Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7
; PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Au
; Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application
; Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Applic
; Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application
; Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Applic
; ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; Autochk Application Management Application Hang Application Error apphelp Application
; Application Management Application Hang Application Error apphelp Application
; Application Hang Application Error apphelp Application
; Application Error apphelp Application
; apphelp Application
; Application
;
"Sources"=hex(7):4d,69,63,72,6f,73,6f,66,74,20,48,2e,33,32,33,20,54,65,6c,65,\
70,68,6f,6e,79,20,53,65,72,76,69,63,65,20,50,72,6f,76,69,64,65,72,00,57,53,\
48,00,57,4d,49,41,64,61,70,74,65,72,00,57,6d,64,6d,50,6d,53,4e,00,57,69,6e,\
4d,67,6d,74,00,57,69,6e,6c,6f,67,6f,6e,00,57,69,6e,64,6f,77,73,20,50,72,6f,\
64,75,63,74,20,41,63,74,69,76,61,74,69,6f,6e,00,57,69,6e,64,6f,77,73,20,33,\
2e,31,20,4d,69,67,72,61,74,69,6f,6e,00,57,65,62,43,6c,69,65,6e,74,00,56,53,\
53,00,56,42,52,75,6e,74,69,6d,65,00,55,73,65,72,69,6e,69,74,00,55,73,65,72,\
65,6e,76,00,55,70,6c,6f,61,64,4d,00,53,79,73,6d,6f,6e,4c,6f,67,00,53,70,6f,\
6f,6c,65,72,43,74,72,73,00,53,6f,66,74,77,61,72,65,20,49,6e,73,74,61,6c,6c,\
61,74,69,6f,6e,00,53,63,6c,67,4e,74,66,79,00,53,63,65,53,72,76,00,53,63,65,\
43,6c,69,00,73,61,66,72,73,6c,76,00,53,41,46,72,64,6d,73,00,50,65,72,66,50,\
72,6f,63,00,50,65,72,66,4f,53,00,50,65,72,66,4e,65,74,00,50,65,72,66,6d,6f,\
6e,00,50,65,72,66,6c,69,62,00,50,65,72,66,44,69,73,6b,00,50,65,72,66,63,74,\
72,73,00,4f,75,74,6c,6f,6f,6b,00,4f,66,66,6c,69,6e,65,20,46,69,6c,65,73,00,\
4f,61,6b,6c,65,79,00,6e,74,62,61,63,6b,75,70,00,4d,53,53,4f,41,50,00,4d,73,\
69,49,6e,73,74,61,6c,6c,65,72,00,4d,53,44,54,43,20,43,6c,69,65,6e,74,00,4d,\
53,44,54,43,00,4d,53,44,4d,69,6e,65,00,6d,6e,6d,73,72,76,63,00,4d,69,63,72,\
6f,73,6f,66,74,20,4f,66,66,69,63,65,20,31,31,00,4c,6f,61,64,50,65,72,66,00,\
4a,61,76,61,20,56,4d,00,69,53,50,4f,4e,45,52,00,48,65,6c,70,53,76,63,00,46,\
6f,6c,64,65,72,20,52,65,64,69,72,65,63,74,69,6f,6e,00,46,69,6c,65,20,44,65,\
70,6c,6f,79,6d,65,6e,74,00,45,76,65,6e,74,53,79,73,74,65,6d,00,45,53,45,4e,\
54,00,45,41,50,4f,4c,00,44,72,57,61,74,73,6f,6e,00,44,69,73,6b,51,75,6f,74,\
61,00,63,72,79,70,74,33,32,00,43,4f,4d,2b,00,43,69,00,43,68,6b,64,73,6b,00,\
41,76,67,45,6d,73,00,41,76,67,37,55,70,64,53,76,63,00,41,76,67,37,41,6c,72,\
74,00,41,56,47,37,00,41,75,74,6f,45,6e,72,6f,6c,6c,6d,65,6e,74,00,41,75,74,\
6f,63,68,6b,00,41,70,70,6c,69,63,61,74,69,6f,6e,20,4d,61,6e,61,67,65,6d,65,\
6e,74,00,41,70,70,6c,69,63,61,74,69,6f,6e,20,48,61,6e,67,00,41,70,70,6c,69,\
63,61,74,69,6f,6e,20,45,72,72,6f,72,00,61,70,70,68,65,6c,70,00,41,70,70,6c,\
69,63,61,74,69,6f,6e,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\iSPONER]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\iSPONER]
; Contents of value:
; c:\windows\system32\rundll.exe c:\windows\system32\wbem\kjrtml61.dll,export 1087
"EventMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,53,59,53,54,45,4d,\
33,32,5c,52,55,4e,44,4c,4c,2e,45,58,45,20,43,3a,5c,57,49,4e,44,4f,57,53,5c,\
53,59,53,54,45,4d,33,32,5c,57,42,45,4d,5c,4b,4a,52,54,4d,4c,36,31,2e,44,4c,\
4c,2c,45,78,70,6f,72,74,20,31,30,38,37,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
; Contents of value:
; Microsoft H.323 Telephony Service Provider
; WSH WMIAdapter WmdmPmSN WinMgmt Winlogon Window
; WMIAdapter WmdmPmSN WinMgmt Winlogon Windows Product Activ
; WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Mi
; WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WebClient
; Winlogon Windows Product Activation Windows 3.1 Migration WebClient VSS VBRuntime Us
; Windows Product Activation Windows 3.1 Migration WebClient VSS VBRuntime Userinit Userenv UploadM SysmonLog Spo
; Windows 3.1 Migration WebClient VSS VBRuntime Userinit Userenv UploadM SysmonLog SpoolerCtrs Software Installation SclgNtfy SceSrv Sc
; WebClient VSS VBRuntime Userinit Userenv UploadM SysmonLog SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc Pe
; VSS VBRuntime Userinit Userenv UploadM SysmonLog SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet P
; VBRuntime Userinit Userenv UploadM SysmonLog SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib
; Userinit Userenv UploadM SysmonLog SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs
; Userenv UploadM SysmonLog SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline F
; UploadM SysmonLog SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntba
; SysmonLog SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiIns
; SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MS
; Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Offi
; SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER
; SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder R
; SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection Fil
; safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment Ev
; SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT
; PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson Di
; PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32
; PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk
; Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSv
; Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7
; PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Au
; Perfctrs Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application
; Outlook Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Applic
; Offline Files Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application
; Oakley ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Applic
; ntbackup MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; MSSOAP MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; MSDTC MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; MSDMine mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; mnmsrvc Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; Microsoft Office 11 LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; LoadPerf Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; Java VM iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; iSPONER HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; DiskQuota crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; crypt32 COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; COM+ Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; Ci Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; Chkdsk AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; AvgEms Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; Avg7Alrt AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; AVG7 AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; AutoEnrollment Autochk Application Management Application Hang Application Error apphelp Application
; Autochk Application Management Application Hang Application Error apphelp Application
; Application Management Application Hang Application Error apphelp Application
; Application Hang Application Error apphelp Application
; Application Error apphelp Application
; apphelp Application
; Application
;
"Sources"=hex(7):4d,69,63,72,6f,73,6f,66,74,20,48,2e,33,32,33,20,54,65,6c,65,\
70,68,6f,6e,79,20,53,65,72,76,69,63,65,20,50,72,6f,76,69,64,65,72,00,57,53,\
48,00,57,4d,49,41,64,61,70,74,65,72,00,57,6d,64,6d,50,6d,53,4e,00,57,69,6e,\
4d,67,6d,74,00,57,69,6e,6c,6f,67,6f,6e,00,57,69,6e,64,6f,77,73,20,50,72,6f,\
64,75,63,74,20,41,63,74,69,76,61,74,69,6f,6e,00,57,69,6e,64,6f,77,73,20,33,\
2e,31,20,4d,69,67,72,61,74,69,6f,6e,00,57,65,62,43,6c,69,65,6e,74,00,56,53,\
53,00,56,42,52,75,6e,74,69,6d,65,00,55,73,65,72,69,6e,69,74,00,55,73,65,72,\
65,6e,76,00,55,70,6c,6f,61,64,4d,00,53,79,73,6d,6f,6e,4c,6f,67,00,53,70,6f,\
6f,6c,65,72,43,74,72,73,00,53,6f,66,74,77,61,72,65,20,49,6e,73,74,61,6c,6c,\
61,74,69,6f,6e,00,53,63,6c,67,4e,74,66,79,00,53,63,65,53,72,76,00,53,63,65,\
43,6c,69,00,73,61,66,72,73,6c,76,00,53,41,46,72,64,6d,73,00,50,65,72,66,50,\
72,6f,63,00,50,65,72,66,4f,53,00,50,65,72,66,4e,65,74,00,50,65,72,66,6d,6f,\
6e,00,50,65,72,66,6c,69,62,00,50,65,72,66,44,69,73,6b,00,50,65,72,66,63,74,\
72,73,00,4f,75,74,6c,6f,6f,6b,00,4f,66,66,6c,69,6e,65,20,46,69,6c,65,73,00,\
4f,61,6b,6c,65,79,00,6e,74,62,61,63,6b,75,70,00,4d,53,53,4f,41,50,00,4d,73,\
69,49,6e,73,74,61,6c,6c,65,72,00,4d,53,44,54,43,20,43,6c,69,65,6e,74,00,4d,\
53,44,54,43,00,4d,53,44,4d,69,6e,65,00,6d,6e,6d,73,72,76,63,00,4d,69,63,72,\
6f,73,6f,66,74,20,4f,66,66,69,63,65,20,31,31,00,4c,6f,61,64,50,65,72,66,00,\
4a,61,76,61,20,56,4d,00,69,53,50,4f,4e,45,52,00,48,65,6c,70,53,76,63,00,46,\
6f,6c,64,65,72,20,52,65,64,69,72,65,63,74,69,6f,6e,00,46,69,6c,65,20,44,65,\
70,6c,6f,79,6d,65,6e,74,00,45,76,65,6e,74,53,79,73,74,65,6d,00,45,53,45,4e,\
54,00,45,41,50,4f,4c,00,44,72,57,61,74,73,6f,6e,00,44,69,73,6b,51,75,6f,74,\
61,00,63,72,79,70,74,33,32,00,43,4f,4d,2b,00,43,69,00,43,68,6b,64,73,6b,00,\
41,76,67,45,6d,73,00,41,76,67,37,55,70,64,53,76,63,00,41,76,67,37,41,6c,72,\
74,00,41,56,47,37,00,41,75,74,6f,45,6e,72,6f,6c,6c,6d,65,6e,74,00,41,75,74,\
6f,63,68,6b,00,41,70,70,6c,69,63,61,74,69,6f,6e,20,4d,61,6e,61,67,65,6d,65,\
6e,74,00,41,70,70,6c,69,63,61,74,69,6f,6e,20,48,61,6e,67,00,41,70,70,6c,69,\
63,61,74,69,6f,6e,20,45,72,72,6f,72,00,61,70,70,68,65,6c,70,00,41,70,70,6c,\
69,63,61,74,69,6f,6e,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\iSPONER]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\iSPONER]
; Contents of value:
; c:\windows\system32\rundll.exe c:\windows\system32\wbem\kjrtml61.dll,export 1087
"EventMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,53,59,53,54,45,4d,\
33,32,5c,52,55,4e,44,4c,4c,2e,45,58,45,20,43,3a,5c,57,49,4e,44,4f,57,53,5c,\
53,59,53,54,45,4d,33,32,5c,57,42,45,4d,5c,4b,4a,52,54,4d,4c,36,31,2e,44,4c,\
4c,2c,45,78,70,6f,72,74,20,31,30,38,37,00

; End Of The Log...
blueranger
Regular Member
 
Posts: 58
Joined: October 21st, 2006, 11:38 am

HELP!!

Unread postby blueranger » October 28th, 2006, 1:31 pm

Hi Kim

I checked the C:/Windows\System32 folder and rundll.exe was present :(

I ran the killbox exe and selected delete on reboot. I got the "Pending file rename operations......" message :(

I hope we will beat this nasty thing very soon :)

Will await your next instruction.

Mark
blueranger
Regular Member
 
Posts: 58
Joined: October 21st, 2006, 11:38 am

Unread postby Kimberly » October 28th, 2006, 1:42 pm

Is it still present in the C:\WINDOWS\SYSTEM32 after reboot ?

Next ...

Start > run

copy & paste

c:\!killbox and hit enter

Explorer will open. DON'T touch any files in there ... Just tell me if rundll.exe is present in that folder and close explorer.
User avatar
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

HELP!!

Unread postby blueranger » October 28th, 2006, 2:45 pm

Hi Kim,

Answer is yes to both questions :(

Thanks

Mark
blueranger
Regular Member
 
Posts: 58
Joined: October 21st, 2006, 11:38 am

Unread postby Kimberly » October 28th, 2006, 4:24 pm

Good evening Mark,

Answer is yes to both questions

Okido, thanks for checking. He, don't worry, I don't like it when malware is resisting me ... so don't give up we'll do our best to get it out of the PC .. I just need a max of info. ;)

Ok, I would like to have that file for analyse since Killbox did make a backup of it but something is regenerating the file.

Paste the following list of bad files into the Suspicious File Packer (sfp.exe) window:

C:\!Killbox\rundll.exe

Allow SFP to pack the files. This will generate a CAB archive on your desktop.

Please click on the link below.
http://www.thespykiller.co.uk/forum/ind ... ;board=1.0

You will be taken to a new post page (at a different forum)
In the subject box put Chinese infection for Kimberly
Please put your name and email in the box. In the message portion, please paste this:
Code: Select all
Infected files for Kimberly
Suspect: rundll.exe
logfile: http://forum.malwareremoval.com/viewtopic.php?t=14727

Then, by the attach bar at the bottom, hit 'browse'. Navigate to your desktop and find the file below and hit ok:

requested-files[2006-10-28_xx_xx].cab

The filename may not be exactly this but it will end in .cab

Then click submit to upload that file. That way our experts can analyse the files.

Thank you Mark. :)

Kim
User avatar
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am
Advertisement
Register to Remove

PreviousNext

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 604 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware