Starting iexplore.exe, popups etc.


  • This topic is locked
20 replies to this topic

#1 TomasA


Posted 06 October 2010 - 09:44 AM

Hi
I have malware that starts the process iexplore.exe (I don't use Internet Explorer, only Firefox). It turns down the sound (the wave channel to be exact), plays a variety of different sounds and pop-up commercials in Internet Explorer. It occurred for the first time straight after I installed Service Pack 3 on Windows XP - however I don't know if there is a connection.

The results from DDS are attached. However, when I ran Gmer the computer was first very slow due to the processes (I believe winlogon took 50% CPU and Explorer 50%) and then the computer crashed with a blue screen.

Thank you very much for your help, you are great.

Best regards
Tomas

-----------
dds.txt:
-----------

DDS (Ver_10-03-17.01) - NTFSx86
Run by Tomas Andersson at 12:31:42,68 on 2010-10-06
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2046.807 [GMT 2:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program\Intel\Wireless\Bin\EvtEng.exe
C:\Program\Intel\Wireless\Bin\S24EvMon.exe
C:\Program\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe 4
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program\Wave Systems Corp\Common\DataServer.exe
C:\Program\ESTECO\modeFRONTIER403\lic\lmgrd.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Intel\Wireless\Bin\RegSrvc.exe
C:\Program\ESTECO\modeFRONTIER403\lic\esteco.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\ABAQUS\Documentation\monitor.exe
C:\ABAQUS\Documentation\monitor.exe
C:\Program\Apoint\Apoint.exe
svchost.exe 4
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
C:\Program\ScanSoft\PaperPort\pptd40nt.exe
C:\Program\Apoint\HidFind.exe
C:\Program\Apoint\Apntex.exe
C:\Program\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\Sun\StarOffice 8\program\soffice.exe
C:\Program\Sun\StarOffice 8\program\soffice.BIN
C:\Program\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\program\delade~1\instal~1\update~1\isuspm.exe
C:\Program\Delade filer\InstallShield\UpdateService\agent.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Mozilla Firefox\plugin-container.exe
C:\Program\Lavasoft\Ad-Aware\AAWService.exe
C:\Program\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Tomas Andersson\Skrivbord\Defogger.exe
C:\Documents and Settings\Tomas Andersson\Skrivbord\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.se/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row-rel&channel=se&ibd=6070118
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.se/ig/dell?hl=sv&client=dell-row-rel&channel=se&ibd=6070118
uInternet Settings,ProxyServer = 0.0.0.0:80
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program\google\google toolbar\GoogleToolbar_32.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program\skype\\phone\Skype.exe" /nosplash /minimized
mRun: [Apoint] c:\program\apoint\Apoint.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Document Manager] c:\program\wave systems corp\services manager\docmgr\bin\docmgr.exe
mRun: [IntelZeroConfig] "c:\program\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [DVDLauncher] "c:\program\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\program\delade~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program\delade filer\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Adobe Photo Downloader] "c:\program\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ClamWin] "c:\program\clamwin\bin\ClamTray.exe" --logon
mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime
mRun: [SSBkgdUpdate] "c:\program\delade filer\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program\scansoft\paperport\IndexSearch.exe
mRun: [BrMfcWnd] c:\program\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [SetDefPrt] c:\program\brother\brmfl06a\BrStDvPt.exe
mRun: [ControlCenter3] c:\program\brother\controlcenter3\brctrcen.exe /autorun
mRun: [AdobeCS4ServiceManager] "c:\program\delade filer\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Google Updater] "c:\program\google\google updater\GoogleUpdater.exe" -check_deprecation
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\tomasa~1\start-~1\program\autost~1\starof~1.lnk - c:\program\sun\staroffice 8\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\bankid~1.lnk - c:\program\personal\bin\Personal.exe
IE: E&xportera till Microsoft Excel - c:\program\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~3\office12\REFIEBAR.DLL
DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file:///C:/Program/proeWildfire%202.0/i486_nt/obj/pvx_install.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ukfreetrial.webex.com/client/T27L/webex/ieatgpc.cab
AppInit_DLLs: wxvault.dll c:\program\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tomasa~1\applic~1\mozilla\firefox\profiles\ned7ipvy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=sv&q=
FF - component: c:\documents and settings\tomas andersson\application data\mozilla\firefox\profiles\ned7ipvy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\tomas andersson\application data\mozilla\firefox\profiles\ned7ipvy.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program\dassault systemes\3d xml player\intel_a\code\bin\NP3DXMLPlugin.dll
FF - plugin: c:\program\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program\google\google updater\2.4.1908.5032\npCIDetect14.dll
FF - plugin: c:\program\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program\mozilla firefox\plugins\npDimdimControl.dll
FF - plugin: c:\program\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program\personal\bin\np_prsnl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
c:\program\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
c:\program\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");
c:\program\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-12 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-8-5 28552]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-14 207280]
R2 FLEXlm Service modeFRONTIER 4;FLEXlm Service modeFRONTIER 4;c:\program\esteco\modefrontier403\lic\lmgrd.exe [2008-11-10 659456]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R2 Texis Monitor;Texis Monitor;c:\abaqus\documentation\monitor.exe [2007-3-6 4493312]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-27 31896]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-3-1 27632]
S2 gupdate;Tjänsten Google Update (gupdate);c:\program\google\update\GoogleUpdate.exe [2010-2-3 135664]
S3 ABAQUS FLEXlm License Manager;ABAQUS FLEXlm License Manager;c:\abaqus\license\lmgrd.exe [2007-3-6 1392016]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5.SYS [2010-2-1 49904]
S3 DiinoService;DiinoService;c:\documents and settings\tomas andersson\application data\diino\DiinoService_xp_i386.exe [2010-8-31 135168]
S3 GoogleDesktopManager-110309-193829;Google Desktop-hanteraren 5.9.911.3589;c:\program\google\google desktop search\GoogleDesktop.exe [2007-1-18 30192]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-6-25 40840]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-6-25 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-6-25 81288]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program\spyware doctor\pctsAuxs.exe [2008-6-25 358600]
S3 sdCoreService;PC Tools Security Service;c:\program\spyware doctor\pctsSvc.exe [2008-6-25 1141200]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [2007-8-30 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [2007-8-30 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [2007-8-30 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [2007-8-30 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [2007-8-30 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [2007-8-30 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [2007-8-30 90800]
S3 Tomcat6;Apache Tomcat;c:\program\apache software foundation\tomcat 6.0\bin\tomcat6.exe [2007-2-13 53248]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

=============== Created Last 30 ================

2010-10-06 10:27:58 0 ----a-w- c:\documents and settings\tomas andersson\defogger_reenable

==================== Find3M ====================

2010-10-05 15:36:06 297253 ----a-w- c:\windows\system32\nvModes.dat
2010-10-02 16:05:44 494842 ----a-w- c:\windows\system32\perfh01D.dat
2010-10-02 16:05:44 103210 ----a-w- c:\windows\system32\perfc01D.dat
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-17 13:17:06 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe
2010-07-27 06:30:30 8470016 ------w- c:\windows\system32\dllcache\shell32.dll
2010-07-22 15:46:06 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 15:46:06 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-22 06:19:07 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2008-03-26 07:20:35 0 ----a-w- c:\program\error.dat
2007-03-15 19:05:52 362 ----a-w- c:\program\Genväg till Program.lnk
2009-10-26 10:01:01 32768 --sha-w- c:\windows\system32\config\systemprofile\lokala inställningar\tidigare\history.ie5\mshist012009102620091027\index.dat

============= FINISH: 12:33:00,37 ===============


 


#2 Noviciate


Posted 06 October 2010 - 04:36 PM

Good evening.

Please download MBRCheck.exe by a_d_13 from here and save it to your Desktop.
  • Double click the file to begin the scan.
  • A Command Window will open and after the scan has completed you will be prompted to select further action - please exit in the stated manner.
  • A text file called MBRCheck_date/time.txt can be found on the Desktop. I'd like you to post the contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download Preformat.zip from here and save it to your Desktop. You will need to extract the file.

Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish


You should now see a folder with a .vbs file in it. Double click Preformat.vbs to run it and a text file called Preformat.txt should be created in the same folder - either that or you'll get an error message.
Please copy and paste the contents of the text file into your next reply and then you can delete both of the folders and their contents.

So long, and thanks for all the fish.

 

 


#3 TomasA


Posted 07 October 2010 - 12:28 AM

Hi
Thanks for your reply. Here are the results from Preformat and MBRCheck.

Best regards
Tomas
-------
Preformat:
-------

Partition ID: Disk #0, Partition #0
Size: 86,26 MB

~~~~~~~~~~~~~~~~~~~~~~~~

Partition ID: Disk #0, Partition #1
Size: 148,96 GB

The computer boots from this partition.

~~~~~~~~~~~~~~~~~~~~~~~~

BIOS Manufacturer: Dell Inc.
Name: Phoenix ROM BIOS PLUS Version 1.10 A05
Status: OK

This is the primary BIOS.

~~~~~~~~~~~~~~~~~~~~~~~~

-----------
MBRCheck:
-----------


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 144):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F87000 fltmgr.sys
0xB9F59000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F48000 pci.sys
0xBA0A8000 isapnp.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB9F2A000 pcmcia.sys
0xBA0B8000 MountMgr.sys
0xB9F0B000 ftdisk.sys
0xB9EE5000 dmio.sys
0xBA330000 PartMgr.sys
0xBA338000 pavboot.sys
0xBA0C8000 VolSnap.sys
0xB9ECD000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E96000 PCTCore.sys
0xBA0F8000 Lbd.sys
0xB9E80000 DRVMCDB.SYS
0xBA108000 PxHelp20.sys
0xB9E69000 KSecDD.sys
0xB9DDC000 Ntfs.sys
0xB9DAF000 NDIS.sys
0xBA340000 pbadrv.sys
0xBA118000 ohci1394.sys
0xBA128000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9D95000 Mup.sys
0xBA148000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB9D4D000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xB9D38000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB94D3000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB94BF000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9497000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB933A000 \SystemRoot\system32\DRIVERS\w39n51.sys
0xB9317000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xBA4B0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB92F3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA350000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB92D8000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xBA370000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA378000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA208000 \SystemRoot\system32\DRIVERS\serial.sys
0xB9D20000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA218000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA5FE000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xBA380000 \SystemRoot\System32\Drivers\MxlW2k.SYS
0xBA228000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA238000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB92B5000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA248000 \SystemRoot\System32\Drivers\tosrfcom.sys
0xBA258000 \SystemRoot\system32\DRIVERS\dfmirage.sys
0xBA778000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA268000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9D18000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB929E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA278000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA288000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA388000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB9265000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA298000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA390000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA398000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB9235000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA3A0000 \SystemRoot\system32\DRIVERS\seehcri.sys
0xBA600000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB91D7000 \SystemRoot\system32\DRIVERS\update.sys
0xBA56C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\tosporte.sys
0xBA2D8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB7053000 \SystemRoot\system32\drivers\sthda.sys
0xB702F000 \SystemRoot\system32\drivers\portcls.sys
0xBA2E8000 \SystemRoot\system32\drivers\drmk.sys
0xB6FF5000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0xB6EFE000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0xB6E48000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0xBA3B8000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA308000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA60C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB9D69000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xBA60E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA79F000 \SystemRoot\System32\Drivers\Null.SYS
0xBA610000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA3C8000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xBA3D0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA3D8000 \SystemRoot\System32\drivers\vga.sys
0xBA612000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA614000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA3E0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA3E8000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB9D5D000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB6DED000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB6D94000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB6D6C000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB6D4A000 \SystemRoot\System32\drivers\afd.sys
0xBA318000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB6D1F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB6CAF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA158000 \SystemRoot\System32\Drivers\Fips.SYS
0xB6BE9000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB9286000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xBA168000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA188000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xBA198000 \SystemRoot\System32\Drivers\tosrfusb.sys
0xB9861000 \SystemRoot\system32\DRIVERS\usbccid.sys
0xB9163000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
0xB9841000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB6BA9000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA648000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB6E24000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA420000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7F2000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB9871000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xBA749000 \SystemRoot\System32\DLA\DLADResN.SYS
0xB5482000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xB54FC000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xBA5E8000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xBA448000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xB546A000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xB5454000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xBA458000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xB54A4000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xB5440000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB4017000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB3F16000 \SystemRoot\System32\Drivers\adfs.SYS
0xB3DA7000 \SystemRoot\system32\DRIVERS\srv.sys
0xB3E1E000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB3CCA000 \SystemRoot\system32\drivers\wdmaud.sys
0xB3E96000 \SystemRoot\system32\drivers\sysaudio.sys
0xB320B000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 70):
0 System Idle Process
4 System
840 C:\WINDOWS\system32\smss.exe
900 csrss.exe
928 C:\WINDOWS\system32\winlogon.exe
976 C:\WINDOWS\system32\services.exe
996 C:\WINDOWS\system32\lsass.exe
1196 C:\WINDOWS\system32\svchost.exe
1268 svchost.exe
1312 C:\WINDOWS\system32\svchost.exe
1372 C:\Program\Intel\Wireless\Bin\EvtEng.exe
1412 C:\Program\Intel\Wireless\Bin\S24EvMon.exe
1436 C:\Program\Intel\Wireless\Bin\WLKEEPER.exe
1572 svchost.exe
1604 svchost.exe
1812 C:\Program\Lavasoft\Ad-Aware\AAWService.exe
1980 C:\WINDOWS\system32\BRSVC01A.EXE
2008 C:\WINDOWS\system32\spoolsv.exe
268 C:\WINDOWS\system32\svchost.exe
280 scardsvr.exe
328 C:\WINDOWS\explorer.exe
544 svchost.exe
632 C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
676 C:\Program\Wave Systems Corp\common\DataServer.exe
720 C:\Program\ESTECO\modeFRONTIER403\lic\lmgrd.exe
828 C:\Program\Java\jre6\bin\jqs.exe
872 C:\WINDOWS\system32\BRSS01A.EXE
1340 C:\Program\Apoint\Apoint.exe
1512 C:\WINDOWS\system32\rundll32.exe
1536 sqlservr.exe
1668 C:\WINDOWS\stsystra.exe
1808 C:\Program\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
1924 C:\Program\Intel\Wireless\Bin\ZCfgSvc.exe
1948 C:\Program\Intel\Wireless\Bin\iFrmewrk.exe
2036 C:\Program\CyberLink\PowerDVD\DVDLauncher.exe
2044 C:\Program\ESTECO\modeFRONTIER403\lic\esteco.exe
192 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
340 C:\Program\Dell\QuickSet\NicConfigSvc.exe
696 C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
1488 C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
1556 C:\WINDOWS\system32\nvsvc32.exe
2056 C:\Program\ClamWin\bin\ClamTray.exe
2116 C:\WINDOWS\system32\svchost.exe
2136 C:\Program\Intel\Wireless\Bin\RegSrvc.exe
2148 C:\Program\Apoint\hidfind.exe
2244 C:\Program\ScanSoft\PaperPort\pptd40nt.exe
2252 C:\Program\Apoint\ApntEx.exe
2344 C:\WINDOWS\system32\svchost.exe
2372 C:\Program\Brother\Brmfcmon\BrMfcWnd.exe
2492 C:\Program\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
2572 C:\ABAQUS\Documentation\monitor.exe
2620 C:\Program\Java\jre6\bin\jusched.exe
2880 C:\ABAQUS\Documentation\monitor.exe
3068 C:\WINDOWS\system32\ctfmon.exe
3080 C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3228 C:\Program\Personal\bin\Personal.exe
3276 C:\Program\Sun\StarOffice 8\program\soffice.exe
3316 C:\Program\Sun\StarOffice 8\program\soffice.bin
3524 iexplore.exe
3640 C:\WINDOWS\system32\wuauclt.exe
3780 C:\Program\Mozilla Firefox\firefox.exe
4020 unsecapp.exe
2824 alg.exe
2776 wmiprvse.exe
2908 C:\Program\Intel\Wireless\Bin\Dot1XCfg.exe
3508 iexplore.exe
1804 C:\Program\Mozilla Firefox\plugin-container.exe
804 C:\WINDOWS\system32\cmd.exe
2816 C:\Program\Lavasoft\Ad-Aware\AAWTray.exe
2672 C:\Documents and Settings\Tomas Andersson\Skrivbord\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`05649600 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541616J9SA00, Rev: SB4OC74P

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 680C3DFB3AF5C02B7E098CA7B25CA73D63745DC5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:18 PM

Posted 07 October 2010 - 02:31 PM

Good evening.

OK, the situation you find yourself in is as follows - your hard drive has an area on it that is known as the Master Boot Record. The nasty that you have picked up has altered the MBR and ideally we would undo the changes to solve the problem.
Unfortunately it isn't quite as easy as typing this and the only option we have available is to replace your infected Master Boot Record with a standard one, which doesn't guarantee to put everything right. Some computer manufacturers use custom MBRs which allow boot access to options such as Factory Restore and this infection will render these unavailable until the custom MBR is written back to the hard drive - an issue which a standard MBR won't solve.

If the custom MBR problem affects you, and your only recovery option is Factory Restore as the PC manufacturer didn't supply you with a Windows Recovery Disc, you will need to contact them and see if they are willing to supply you with this disc. Without it you will be unable to reinstall Windows should the need arise.

The worst-case scenario with overwriting the MBR to clean the infection is that the PC becomes unbootable and you have what is in effect an expensive paperweight, which, although unlikely, needs to be mentioned. While this won't actually physically break anything and you can reinstall the Operating System from a disc, if you have one, the existing installation of Windows will be unusable.

Can you tell me whether you have a Windows installation disc or not.

So long, and thanks for all the fish.

 

 


#5 TomasA

Posted 09 October 2010 - 04:46 AM

Hi
I've been searching the apartment and storage, but I can't find any recovery disc. If I remember correctly Windows came preinstalled by Dell and I can't recall any recovery disc (but it was a couple of years ago). I will try to contact Dell first thing Monday morning but since my guarantee and insurance have run out I'm afraid they won't be keen to collaborate.

What's the best procedure without recovery disc? *Keeping my fingers crossed*

Best regards
Tomas

#6 Noviciate

Posted 09 October 2010 - 12:34 PM

Good evening.

Although the risk of anything going wrong is small - in the cases I've dealt with nothing has gone pear-shaped yet - there is still a theoretical risk and the recovery disk is the safety net that's never unwelcome.
The MBR needs to be overwritten to deal with this nasty and if something does go wrong, your PC is an expensive paperweight until either the error is corrected or the operating system is reinstalled.

You need to decide if the small risk is something you can live with and back-up any important files before we begin - assuming you are willing to trust to "luck".
I stress that although nothing has gone wrong in previous cases, and I've no reason to assume that yours will be any different, it would be remiss of me not to point out the worst-case scenario just for the sake of my being able to say "I did warn you!" if it does happen.

It would be helpful if you had another internet access option if something does happen as that way I can walk you through Plan B in that event. If not, I'll just have to include that as part of the instructions and cross my fingers!

So long, and thanks for all the fish.

 

 


#7 TomasA

Posted 10 October 2010 - 06:20 AM

Hi
Thanks for your help. I have been warned and will back-up all I can, but of course I really hope it will work fine.

I have a second internet access option, so I think I will be able to keep contact under all circumstances.

Let's go crazy

best regards

#8 Noviciate

Posted 10 October 2010 - 02:12 PM

Good evening.

QUOTE(TomasA @ Oct 10 2010, 12:20 PM)
Let's go crazy

You mad impetuous fool, you!

OK, Step one is to make a back-up of your existing MBR, just in case. Assuming that you dropped the copy of MBRCheck you downloaded to your Desktop, go to Start > Run..., copy the following text, including quotation marks, to the text box and click OK:

"%userprofile%\desktop\MBRCheck.exe" -s 0 -d "C\mbr.dat"

You should see a Command Window open and once you are instructed to press <ENTER>, do so. I want you to post the contents of the new MBRCheck text file that should have been created on your Desktop - please check the date and time.

So long, and thanks for all the fish.

 

 


#9 TomasA

Posted 12 October 2010 - 12:29 AM

Good morning
I took the liberty to change the command line from "C\mbr.dat" to "C:\mbr.dat". The MBRcheck-file then became

MBRCheck, version 1.2.3
© 2010, AD

Command-line: -s 0 -d C:\mbr.dat
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 144):

Processes (total 67):
0 System Idle Process
4 System
832 C:\WINDOWS\system32\smss.exe
892 csrss.exe
920 C:\WINDOWS\system32\winlogon.exe
968 C:\WINDOWS\system32\services.exe
988 C:\WINDOWS\system32\lsass.exe
1188 C:\WINDOWS\system32\svchost.exe
1260 svchost.exe
1304 C:\WINDOWS\system32\svchost.exe
1364 C:\Program\Intel\Wireless\Bin\EvtEng.exe
1404 C:\Program\Intel\Wireless\Bin\S24EvMon.exe
1428 C:\Program\Intel\Wireless\Bin\WLKEEPER.exe
1568 svchost.exe
1600 svchost.exe
1948 C:\WINDOWS\system32\svchost.exe
1988 C:\WINDOWS\system32\BRSVC01A.EXE
2008 C:\WINDOWS\system32\spoolsv.exe
276 C:\WINDOWS\explorer.exe
300 scardsvr.exe
564 svchost.exe
636 C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
684 C:\Program\Wave Systems Corp\common\DataServer.exe
720 C:\Program\ESTECO\modeFRONTIER403\lic\lmgrd.exe
804 C:\WINDOWS\system32\BRSS01A.EXE
820 C:\Program\Apoint\Apoint.exe
1008 C:\Program\Java\jre6\bin\jqs.exe
160 C:\WINDOWS\system32\rundll32.exe
992 C:\WINDOWS\stsystra.exe
1212 C:\Program\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
1200 C:\Program\Intel\Wireless\Bin\ZCfgSvc.exe
1268 C:\Program\Intel\Wireless\Bin\iFrmewrk.exe
1332 C:\Program\CyberLink\PowerDVD\DVDLauncher.exe
1356 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
1504 C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
1828 C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
220 C:\Program\ESTECO\modeFRONTIER403\lic\esteco.exe
264 C:\Program\ClamWin\bin\ClamTray.exe
2036 C:\Program\ScanSoft\PaperPort\pptd40nt.exe
776 C:\Program\Brother\Brmfcmon\BrMfcWnd.exe
1764 C:\WINDOWS\system32\svchost.exe
2084 C:\Program\Apoint\hidfind.exe
2108 C:\Program\Java\jre6\bin\jusched.exe
2124 sqlservr.exe
2216 C:\Program\Apoint\ApntEx.exe
2316 C:\Program\Dell\QuickSet\NicConfigSvc.exe
2396 C:\WINDOWS\system32\nvsvc32.exe
2428 C:\WINDOWS\system32\ctfmon.exe
2456 C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2492 C:\Program\Intel\Wireless\Bin\RegSrvc.exe
2528 C:\Program\Skype\Phone\Skype.exe
2624 C:\WINDOWS\system32\svchost.exe
2704 C:\Program\Personal\bin\Personal.exe
2728 C:\Program\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
2812 C:\ABAQUS\Documentation\monitor.exe
2940 C:\Program\Sun\StarOffice 8\program\soffice.exe
3100 C:\Program\Sun\StarOffice 8\program\soffice.bin
3104 C:\Program\Mozilla Firefox\firefox.exe
3160 C:\ABAQUS\Documentation\monitor.exe
3496 iexplore.exe
944 alg.exe
2620 wmiprvse.exe
3204 C:\Program\Intel\Wireless\Bin\Dot1XCfg.exe
3620 C:\WINDOWS\system32\wbem\wmiapsrv.exe
3076 C:\Program\Mozilla Firefox\plugin-container.exe
3456 C:\WINDOWS\system32\notepad.exe
696 C:\Documents and Settings\Tomas Andersson\Skrivbord\MBRCheck.exe

Dumping \\.\PhysicalDrive0 to C:\mbr.dat...
Dumped successfully!


Done!
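
A backup such as the C:\mbr.dat dump above is only a safety net if it is a sane image of sector 0, and after the MBR is rewritten the partition table should be byte-for-byte unchanged. The Python sketch below is an added example, not part of the thread and not MBRCheck's own logic: it parses the first 512 bytes of a dump and reports which regions differ between two dumps. The function names, the constructed sample sector and the choice to hash the 440-byte boot code area are assumptions, so the SHA1 it produces is not claimed to match the one MBRCheck prints.

```python
import hashlib
import struct

SECTOR = 512
# Byte ranges inside sector 0 of a classic (non-GPT) MBR.
REGIONS = {
    "boot_code": (0, 440),
    "disk_signature": (440, 444),
    "partition_table": (446, 510),
    "boot_signature": (510, 512),
}
# status, CHS first, type, CHS last, LBA start, sector count (little endian)
ENTRY = struct.Struct("<B3sB3sII")
TYPE_NAMES = {0x05: "extended", 0x07: "NTFS/HPFS", 0x0B: "FAT32",
              0x0C: "FAT32 (LBA)", 0x0F: "extended (LBA)", 0xDE: "Dell utility"}


def parse_mbr(dump: bytes) -> dict:
    """Parse sector 0 of a dump and collect structural findings."""
    if len(dump) < SECTOR:
        raise ValueError(f"dump is {len(dump)} bytes, need at least {SECTOR}")
    sector = dump[:SECTOR]
    findings = []
    if sector[510:512] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")

    partitions = []
    for index in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(sector, 446 + index * ENTRY.size)
        if ptype == 0x00:            # unused slot
            continue
        if status not in (0x00, 0x80):
            findings.append(f"entry {index}: invalid status byte 0x{status:02X}")
        partitions.append({
            "index": index,
            "active": status == 0x80,
            "type": TYPE_NAMES.get(ptype, f"0x{ptype:02X}"),
            "lba_start": lba,
            "sectors": count,
        })

    if sum(p["active"] for p in partitions) > 1:
        findings.append("more than one partition marked active")
    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for first, second in zip(ordered, ordered[1:]):
        if first["lba_start"] + first["sectors"] > second["lba_start"]:
            findings.append(f"entries {first['index']} and {second['index']} overlap")

    return {
        "boot_code_sha1": hashlib.sha1(sector[0:440]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": partitions,
        "findings": findings,
    }


def changed_regions(before: bytes, after: bytes) -> list:
    """Name the sector-0 regions that differ between two dumps."""
    if len(before) < SECTOR or len(after) < SECTOR:
        raise ValueError("both dumps must contain at least one full sector")
    return [name for name, (start, end) in REGIONS.items()
            if before[start:end] != after[start:end]]


def build_sample(boot_fill: int) -> bytes:
    """Constructed sector for demonstration; not data from the thread's disk.

    The single NTFS entry starts at LBA 176715, i.e. the byte offset
    0x05649600 that MBRCheck reported for C:, divided by 512. The disk
    signature, partition size and boot code bytes are made up.
    """
    sector = bytearray(SECTOR)
    sector[0:440] = bytes([boot_fill]) * 440
    struct.pack_into("<I", sector, 440, 0x12345678)
    ENTRY.pack_into(sector, 446, 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 176715, 312000000)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    import sys
    # Pass the path of a real dump, or run without arguments for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as handle:
            data = handle.read()
    else:
        data = build_sample(0xCC)
    report = parse_mbr(data)
    print("boot code SHA1:", report["boot_code_sha1"])
    for part in report["partitions"]:
        print(part)
    print("findings:", report["findings"] or "none")
```

Comparing a dump taken before the repair with one taken afterwards should list only `boot_code` as changed; a difference in `partition_table` means the backup is the one to restore from.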

#10 Noviciate

Posted 12 October 2010 - 01:42 PM

Good evening.

QUOTE
I took the liberty to change the command line from "C\mbr.dat" to "C:\mbr.dat".

That's the trouble with free help, it's just not as good as the paid-for variety!

Take a trip to this webpage for download links and instructions for running Combofix by sUBs.*
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply.
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.

So long, and thanks for all the fish.

 

 


#11 TomasA

Posted 13 October 2010 - 04:19 PM

Good evening
I've run Combofix and it looked like it worked fine. The log-file is attached below (an interesting detail was that Combofix ran in Swedish - please ask if you want me to translate anything in the log-file for you). I have only tried the computer a short while but it seems to work fine. Thank you!!! (Am I safe now?)

A few more questions while I'm at it. In order to get rid of the problems I installed a lot of AV-software, I have now Norton, Spyware Doctor, Clamwin and Ad-Aware - are they all crap? Should I uninstall them?

I have USB disks that might be full of malware now, is it safe to connect them once I managed XP to not autoplay them?

I would be very happy to donate to your cause.

Best regards
Tomas









-----



ComboFix 10-10-12.03 - Tomas Andersson 2010-10-13 21:44:22.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2046.1469 [GMT 2:00]
Körs från: c:\documents and settings\Tomas Andersson\Skrivbord\ComboFix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
(((((((((((((((((((((((( Filer Skapade från 2010-09-13 till 2010-10-13 ))))))))))))))))))))))))))))))
.

Inga nya filer har skapats under denna tid.

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 10:37 . 2009-05-04 10:37 28488 ----a-w- c:\program\mozilla firefox\plugins\atgpcdec.dll
2009-05-04 10:37 . 2009-05-04 10:37 183696 ----a-w- c:\program\mozilla firefox\plugins\atgpcext.dll
2009-05-04 10:38 . 2009-05-04 10:38 46408 ----a-w- c:\program\mozilla firefox\plugins\atmccli.dll
2009-05-04 10:38 . 2009-05-04 10:38 99216 ----a-w- c:\program\mozilla firefox\plugins\ieatgpc.dll
2009-12-13 15:57 . 2007-05-11 11:08 119808 ----a-w- c:\program\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-26 68856]
"Skype"="c:\program\Skype\\Phone\Skype.exe" [2010-03-09 26100520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program\Apoint\Apoint.exe" [2005-10-07 176128]
"nwiz"="nwiz.exe" [2006-01-19 1519616]
"NVHotkey"="nvHotkey.dll" [2006-01-19 73728]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Document Manager"="c:\program\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-05-16 102400]
"IntelZeroConfig"="c:\program\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"DVDLauncher"="c:\program\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program\Delade filer\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-13 30192]
"Adobe Photo Downloader"="c:\program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 57344]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-10-21 29696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"ClamWin"="c:\program\ClamWin\bin\ClamTray.exe" [2008-09-05 86016]
"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2007-12-11 286720]
"SSBkgdUpdate"="c:\program\Delade filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-18 57393]
"IndexSearch"="c:\program\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-18 40960]
"BrMfcWnd"="c:\program\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"SetDefPrt"="c:\program\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"AdobeCS4ServiceManager"="c:\program\Delade filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Google Updater"="c:\program\Google\Google Updater\GoogleUpdater.exe" [2010-04-05 161336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Tomas Andersson\Start-meny\Program\Autostart\
StarOffice 8.lnk - c:\program\Sun\StarOffice 8\program\quickstart.exe [2007-8-17 122880]

c:\documents and settings\All Users\Start-meny\Program\Autostart\
BankID s„kerhetsprogram.lnk - c:\program\Personal\bin\Personal.exe [2010-2-2 939920]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Last.fm Helper.lnk]
path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Tomas Andersson^Start-meny^Program^Autostart^OpenOffice.org 2.2.lnk]
path=c:\documents and settings\Tomas Andersson\Start-meny\Program\Autostart\OpenOffice.org 2.2.lnk
backup=c:\windows\pss\OpenOffice.org 2.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 16:05 1695232 ----a-w- c:\program\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-01-19 15:14 7401472 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2007-01-26 11:36 495616 ----a-r- c:\program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-04-26 08:26 68856 ----a-w- c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program\\CounterPath\\X-Lite\\x-lite.exe"=
"c:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program\\Last.fm\\LastFM.exe"=
"c:\\ABAQUS\\6.6-3\\exec\\ABQcaeK.exe"=
"c:\\Program\\proeWildfire 2.0\\i486_nt\\obj\\pro_comm_msg.exe"=
"c:\\Program\\proeWildfire 2.0\\i486_nt\\obj\\xtop.exe"=
"c:\\Program\\proeWildfire 2.0\\i486_nt\\nms\\nmsd.exe"=
"c:\\Program\\Messenger\\msmsgs.exe"=
"c:\\Program\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program\\Spotify\\spotify.exe"=
"c:\\Program\\Delade filer\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\ABAQUS\\6.9-1\\exec\\ABQcaeK.exe"=
"c:\\ABAQUS\\6.9-1\\exec\\ABQvwrK.exe"=
"c:\\ABAQUS\\6.6-3\\exec\\ABQvwrK.exe"=
"c:\\Program\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program\\Azureus\\Azureus.exe"=
"c:\\Program\\TVAnts\\Tvants.exe"=
"c:\\Program\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-12 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-08-05 28552]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-05-14 207280]
R2 FLEXlm Service modeFRONTIER 4;FLEXlm Service modeFRONTIER 4;c:\program\ESTECO\modeFRONTIER403\lic\lmgrd.exe [2008-11-10 659456]
R2 Texis Monitor;Texis Monitor;c:\abaqus\Documentation\monitor.exe [2007-03-06 4493312]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-27 31896]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-03-01 27632]
S2 gupdate;Tjänsten Google Update (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\Lavasoft\Ad-Aware\AAWService.exe [2009-09-24 1181328]
S3 ABAQUS FLEXlm License Manager;ABAQUS FLEXlm License Manager;c:\abaqus\License\lmgrd.exe [2007-03-06 1392016]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5.SYS [2010-02-01 49904]
S3 DiinoService;DiinoService;c:\documents and settings\Tomas Andersson\Application Data\Diino\DiinoService_xp_i386.exe [2010-08-31 135168]
S3 GoogleDesktopManager-110309-193829;Google Desktop-hanteraren 5.9.911.3589;c:\program\Google\Google Desktop Search\GoogleDesktop.exe [2007-01-18 30192]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program\Spyware Doctor\pctsAuxs.exe [2008-06-25 358600]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [2007-08-30 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [2007-08-30 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [2007-08-30 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [2007-08-30 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [2007-08-30 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [2007-08-30 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [2007-08-30 90800]
S3 Tomcat6;Apache Tomcat;c:\program\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [2007-02-13 53248]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
.
Innehållet i mappen 'Schemalagda aktiviteter':

2010-10-13 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 07:44]

2010-10-13 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 07:44]

2010-10-13 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 07:44]

2010-10-13 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 07:44]

2010-10-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 07:44]

2010-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2010-10-13 c:\windows\Tasks\Google Software Updater.job
- c:\program\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-07 09:43]

2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program\Google\Update\GoogleUpdate.exe [2010-02-03 08:42]

2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program\Google\Update\GoogleUpdate.exe [2010-02-03 08:42]

2010-10-13 c:\windows\Tasks\Norton Security Scan for Tomas Andersson.job
- c:\program\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-20 14:45]
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.google.se/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.se/ig/dell?hl=sv&client=dell-row-rel&channel=se&ibd=6070118
uInternet Settings,ProxyServer = 0.0.0.0:80
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportera till Microsoft Excel - c:\program\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file:///C:/Program/proeWildfire%202.0/i486_nt/obj/pvx_install.exe
FF - ProfilePath - c:\documents and settings\Tomas Andersson\Application Data\Mozilla\Firefox\Profiles\ned7ipvy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=sv&q=
FF - component: c:\documents and settings\Tomas Andersson\Application Data\Mozilla\Firefox\Profiles\ned7ipvy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\Tomas Andersson\Application Data\Mozilla\Firefox\Profiles\ned7ipvy.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program\Dassault Systemes\3D XML Player\intel_a\code\bin\NP3DXMLPlugin.dll
FF - plugin: c:\program\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program\Google\Google Updater\2.4.1908.5032\npCIDetect14.dll
FF - plugin: c:\program\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program\Mozilla Firefox\plugins\npDimdimControl.dll
FF - plugin: c:\program\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program\Personal\bin\np_prsnl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICY ----
c:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

MSConfigStartUp-mmtask - c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\Google\Google Toolbar\Component\GoogleToolbarManager_223E2B8E7BAD9544.exe


.
--------------------- DLLer som "laddats" under processer som körs ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\program\Delade filer\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(972)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > 'explorer.exe'(1752)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andra processer som körs ------------------------
.
c:\program\Intel\Wireless\Bin\EvtEng.exe
c:\program\Intel\Wireless\Bin\S24EvMon.exe
c:\program\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\brsvc01a.exe
c:\windows\System32\SCardSvr.exe
c:\program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\windows\system32\brss01a.exe
c:\program\Wave Systems Corp\Common\DataServer.exe
c:\program\Java\jre6\bin\jqs.exe
c:\program\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program\Intel\Wireless\Bin\RegSrvc.exe
c:\program\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
c:\program\ESTECO\modeFRONTIER403\lic\esteco.exe
c:\windows\system32\rundll32.exe
c:\windows\stsystra.exe
c:\program\Apoint\HidFind.exe
c:\program\Apoint\Apntex.exe
c:\program\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Sluttid: 2010-10-13 22:12:43 - datorn startades om.
ComboFix-quarantined-files.txt 2010-10-13 20:12

Före genomsökningen: 24 620 544 000 byte ledigt
Efter genomsökningen: 25 180 610 560 byte ledigt

WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - B54B4750A5A8B678C34238E89BA8848F


#12 Noviciate

Posted 14 October 2010 - 02:29 PM

Good evening.

Fortunately I have the Google Translate plug-in for Firefox which does a good job.

OK, the rule of security programs is one firewall and one anti-virus running in real-time per PC. Conflicts may result from two or more of either and that's a no-no.
As to which you choose to run, that's not something I can really guide you on. No AV is 100% effective, so it's sadly a case of picking the one that you are happiest with and sticking with it until you stop being happy - which is usually just after you get infected!

As far as I'm aware ClamWin doesn't run in real-time, you need to start a scan for it to do anything, so you can keep that, but you need to remove all but one of the other anti-virus programs.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your log doesn't appear to show a third-party software firewall installed - if you have one, and I've missed it, please ignore this.
If you are relying on the firewall that comes with Service Pack 2, then you need to install one. While the SP2 firewall is better than nothing, it doesn't monitor outgoing traffic, so anything malicious on your computer can 'phone home' at will.
If you are using a wireless router that comes with a NAT hardware firewall, this also doesn't monitor outgoing connections.

There are a few free firewalls available, of which the following are just three:

Comodo Firewall Pro, available here.
PC Tools Firewall Plus, available here.
Online Armor Free, available here.

It is important to note that you should only have one firewall installed at a time, but you can download them all to your Desktop and install each in turn to see which one you prefer.

Understanding and Using Firewalls: http://www.bleepingcomputer.com/tutorials/understanding-and-using-firewalls/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I think we'll have a second opinion from an online scanner and take it from there. Pay a visit to the ESET Online Scanner.
  • Click the ESET Online Scanner button, read the info in the new window, check the appropriate box and click Start.
  • Accept the ActiveX download, and allow it to install.
  • Once this has been completed, you will see the Computer Scan settings page - ensure that you uncheck the "Remove found threats" box and then click Start.
  • The virus signature database will now need to be downloaded, so don't forget to instruct your firewall to permit it if it asks.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.


QUOTE
I have usb-disks that might be full of malware now, is it safe to connect them once I managed XP to not autoplay them?

No, as some infections are cleverer than that. We'll worry about them a little later.

QUOTE
I would be very happy to donate to your cause.

Thanks, but neither the site nor I accept donations. In the site's case it is funded in other ways and in mine, I just get tired of refunding the cash when it all goes wrong!

So long, and thanks for all the fish.

 

 


#13 TomasA

Posted 15 October 2010 - 01:01 AM

Good morning and thanks again for your help.

The scanner found something bad:

C:\Documents and Settings\Tomas Andersson\Skrivbord\Desk\Privat\KeyGen\keygen.exe a variant of Win32/Keygen.AO application

Is it just to remove the file, or is it more complex than that?

Have a good day.

#14 Noviciate

Posted 15 October 2010 - 04:43 PM

Good evening.

Please download CKScanner By askey127 from here and save it to your Desktop.
  • Double click CKScanner.exe to begin.
  • Click the Search For Files button and put the kettle on - it will take a few minutes to complete.
  • When the scan has completed, click the Save List To File button and then OK.
  • You should now see a text file called ckfiles.txt on your Desktop - I'd like a copy in your next reply.

So long, and thanks for all the fish.

 

 


#15 TomasA

Posted 16 October 2010 - 03:38 AM

Hi
Here are the results.

Best regards
Tomas
----------------

CKScanner - Additional Security Risks - These are not necessarily bad
c:\abaqus\documentation\docs\v6.9\books\eif\axisymmconecrackgl_model.py
c:\abaqus\documentation\docs\v6.9\books\eif\axisymmconecracksub.inp
c:\abaqus\documentation\docs\v6.9\books\eif\axisymmconecracksub_job.py
c:\abaqus\documentation\docs\v6.9\books\eif\axisymmconecracksub_model.py
c:\abaqus\documentation\docs\v6.9\books\eif\axisymmconecrack_job.py
c:\abaqus\documentation\docs\v6.9\books\eif\axisymmconecrack_model.py
c:\abaqus\documentation\docs\v6.9\books\eif\conicalcrack_3dglobal.inp
c:\abaqus\documentation\docs\v6.9\books\eif\conicalcrack_3dsubmodel_rms.inp
c:\abaqus\documentation\docs\v6.9\books\eif\conicalcrack_axiglobal.inp
c:\abaqus\documentation\docs\v6.9\books\eif\conicalcrack_axisubmodel_rms.inp
c:\abaqus\documentation\docs\v6.9\books\eif\crackgrowth_cod.inp
c:\abaqus\documentation\docs\v6.9\books\eif\crackgrowth_lengthvtime.inp
c:\abaqus\documentation\docs\v6.9\books\eif\crackgrowth_model.inp
c:\abaqus\documentation\docs\v6.9\books\eif\cracking.inp
c:\abaqus\documentation\docs\v6.9\books\eif\cracking_ts.inp
c:\abaqus\documentation\docs\v6.9\books\eif\crackplate_ls3s.inp
c:\abaqus\documentation\docs\v6.9\books\eif\crackplate_ls6_nosym.inp
c:\abaqus\documentation\docs\v6.9\books\eif\crackplate_postoutput.inp
c:\abaqus\documentation\docs\v6.9\books\eif\crackplate_submodel.inp
c:\abaqus\documentation\docs\v6.9\books\eif\crackplate_surfaceflaw.f
c:\abaqus\documentation\docs\v6.9\books\eif\crackprop_hole_xfem_cpe4.inp
c:\abaqus\documentation\docs\v6.9\books\eif\crackprop_hole_xfem_cpe4.py
c:\abaqus\documentation\docs\v6.9\books\eif\crackprop_mixmode_xfem_c3d4.inp
c:\abaqus\documentation\docs\v6.9\books\eif\crackprop_mixmode_xfem_c3d8.inp
c:\abaqus\documentation\docs\v6.9\books\eif\crackprop_mixmode_xfem_c3d8.py
c:\abaqus\documentation\docs\v6.9\books\eif\crackprop_mixmode_xfem_c3d8r.inp
c:\abaqus\documentation\docs\v6.9\books\eif\crackprop_mixmode_xfem_cpe4.inp
c:\abaqus\documentation\docs\v6.9\books\eif\crackprop_mixmode_xfem_cpe4.py
c:\abaqus\documentation\docs\v6.9\books\eif\crackprop_mixmode_xfem_cpe4r.inp
c:\abaqus\documentation\docs\v6.9\books\eif\crackprop_mixmode_xfem_cps4.inp
c:\abaqus\documentation\docs\v6.9\books\eif\crackprop_mixmode_xfem_cps4r.inp
c:\abaqus\documentation\docs\v6.9\books\eif\crackprop_modeii_xfem_c3d4.inp
c:\abaqus\documentation\docs\v6.9\books\eif\crackprop_modeii_xfem_c3d8.inp
c:\abaqus\documentation\docs\v6.9\books\eif\crackprop_modeii_xfem_c3d8r.inp
c:\abaqus\documentation\docs\v6.9\books\eif\crackprop_modeii_xfem_cpe4.inp
c:\abaqus\documentation\docs\v6.9\books\eif\crackprop_modeii_xfem_cpe4r.inp
c:\abaqus\documentation\docs\v6.9\books\eif\crackprop_modeii_xfem_cps4.inp
c:\abaqus\documentation\docs\v6.9\books\eif\crackprop_modeii_xfem_cps4r.inp
c:\abaqus\documentation\docs\v6.9\books\eif\crackprop_modei_xfem_c3d4.inp
c:\abaqus\documentation\docs\v6.9\books\eif\crackprop_modei_xfem_c3d8.inp
c:\abaqus\documentation\docs\v6.9\books\eif\crackprop_modei_xfem_c3d8r.inp
c:\abaqus\documentation\docs\v6.9\books\eif\crackprop_modei_xfem_cpe4.inp
c:\abaqus\documentation\docs\v6.9\books\eif\crackprop_modei_xfem_cpe4r.inp
c:\abaqus\documentation\docs\v6.9\books\eif\crackprop_modei_xfem_cps4.inp
c:\abaqus\documentation\docs\v6.9\books\eif\crackprop_modei_xfem_cps4r.inp
c:\abaqus\documentation\docs\v6.9\books\eif\difftocrack_linearmassdiff1.inp
c:\abaqus\documentation\docs\v6.9\books\eif\difftocrack_linearmassdiff2.inp
c:\abaqus\documentation\docs\v6.9\books\eif\difftocrack_linearstress.inp
c:\abaqus\documentation\docs\v6.9\books\eif\difftocrack_linear_elements.inp
c:\abaqus\documentation\docs\v6.9\books\eif\difftocrack_massdiff.inp
c:\abaqus\documentation\docs\v6.9\books\eif\difftocrack_node.inp
c:\abaqus\documentation\docs\v6.9\books\eif\difftocrack_quad_elements.inp
c:\abaqus\documentation\docs\v6.9\books\eif\difftocrack_quarterpmassdiff.inp
c:\abaqus\documentation\docs\v6.9\books\eif\difftocrack_quarterpstress.inp
c:\abaqus\documentation\docs\v6.9\books\eif\difftocrack_stress.inp
c:\abaqus\documentation\docs\v6.9\books\eif\inelasticlinespring_progcrack.f
c:\abaqus\documentation\docs\v6.9\books\eif\ppennycrack.inp
c:\abaqus\documentation\docs\v6.9\books\eif\ppennycrack_element.inp
c:\abaqus\documentation\docs\v6.9\books\eif\ppennycrack_node.inp
c:\abaqus\documentation\docs\v6.9\books\eif\slantcrackanisocpe8_job.py
c:\abaqus\documentation\docs\v6.9\books\eif\slantcrackanisocpe8_model.py
c:\abaqus\documentation\docs\v6.9\books\eif\slantcrackelascpe8_job.py
c:\abaqus\documentation\docs\v6.9\books\eif\slantcrackelascpe8_model.py
c:\abaqus\documentation\docs\v6.9\books\eif\slantcracklamcps8_job.py
c:\abaqus\documentation\docs\v6.9\books\eif\slantcracklamcps8_model.py
c:\abaqus\documentation\docs\v6.9\books\eif\slantcrackortheccpe8_job.py
c:\abaqus\documentation\docs\v6.9\books\eif\slantcrackortheccpe8_model.py
c:\abaqus\documentation\docs\v6.9\books\eif\slantcrackorthstcpe8_job.py
c:\abaqus\documentation\docs\v6.9\books\eif\slantcrackorthstcpe8_model.py
c:\abaqus\documentation\docs\v6.9\books\eif\symmconecrackglorphan.inp
c:\abaqus\documentation\docs\v6.9\books\eif\symmconecrackglorphanadj.inp
c:\abaqus\documentation\docs\v6.9\books\eif\symmconecrackglorphanadj_elem.inp
c:\abaqus\documentation\docs\v6.9\books\eif\symmconecrackglorphanadj_node.inp
c:\abaqus\documentation\docs\v6.9\books\eif\symmconecrackglorphan_elem.inp
c:\abaqus\documentation\docs\v6.9\books\eif\symmconecrackglorphan_node.inp
c:\abaqus\documentation\docs\v6.9\books\eif\symmconecrackgl_job.py
c:\abaqus\documentation\docs\v6.9\books\eif\symmconecrackgl_model.py
c:\abaqus\documentation\docs\v6.9\books\eif\symmconecrackorphan.inp
c:\abaqus\documentation\docs\v6.9\books\eif\symmconecrackorphan_elem.inp
c:\abaqus\documentation\docs\v6.9\books\eif\symmconecrackorphan_node.inp
c:\abaqus\documentation\docs\v6.9\books\eif\symmconecracksubor.inp
c:\abaqus\documentation\docs\v6.9\books\eif\symmconecracksuborsb_far.inp
c:\abaqus\documentation\docs\v6.9\books\eif\symmconecracksuborsb_far_elem.inp
c:\abaqus\documentation\docs\v6.9\books\eif\symmconecracksuborsb_far_node.inp
c:\abaqus\documentation\docs\v6.9\books\eif\symmconecracksuborsb_near.inp
c:\abaqus\documentation\docs\v6.9\books\eif\symmconecracksuborsb_near_elem.inp
c:\abaqus\documentation\docs\v6.9\books\eif\symmconecracksuborsb_near_node.inp
c:\abaqus\documentation\docs\v6.9\books\eif\symmconecracksubor_elem.inp
c:\abaqus\documentation\docs\v6.9\books\eif\symmconecracksubor_node.inp
c:\abaqus\documentation\docs\v6.9\books\eif\symmconecracksubsb_far_job.py
c:\abaqus\documentation\docs\v6.9\books\eif\symmconecracksubsb_far_model.py
c:\abaqus\documentation\docs\v6.9\books\eif\symmconecracksubsb_near_job.py
c:\abaqus\documentation\docs\v6.9\books\eif\symmconecracksubsb_near_model.py
c:\abaqus\documentation\docs\v6.9\books\eif\symmconecracksub_job.py
c:\abaqus\documentation\docs\v6.9\books\eif\symmconecracksub_model.py
c:\abaqus\documentation\docs\v6.9\books\eif\symmconecrack_job.py
c:\abaqus\documentation\docs\v6.9\books\eif\symmconecrack_model.py
c:\documents and settings\tomas andersson\skrivbord\desk\desk2\ptc.pro.engineer.wildfire.v2.0.win32-oddity\crack\ptc_proe_wf2.dat
c:\documents and settings\tomas andersson\skrivbord\desk\desk2\ptc.pro.engineer.wildfire.v2.0.win32-oddity\crack\ptc_proe_wf2_keygen.exe
c:\documents and settings\tomas andersson\skrivbord\desk\privat\keygen\install notes.txt
c:\documents and settings\tomas andersson\skrivbord\desk\privat\keygen\keygen.exe
c:\program\matlab71\toolbox\pde\crackb.m
c:\program\matlab71\toolbox\pde\crackg.m
c:\program\matlab71\toolbox\pde\ja\crackb.m
c:\program\matlab71\toolbox\pde\ja\crackg.m
c:\program\musicmatch\musicmatch update\mmjb\crypt.dll
c:\python27\lib\site-packages\numpy\f2py\crackfortran.py
c:\python27\lib\site-packages\numpy\f2py\crackfortran.pyc
c:\python27\lib\site-packages\numpy\f2py\crackfortran.pyo
scanner sequence 3.ZZ.11
----- EOF -----




