IE Hijacked


  • This topic is locked
9 replies to this topic

#1 MHK

Posted 19 January 2010 - 02:29 PM

Starting my computer results in IE8 going to http://finance-help.info/finance/finance-i...ments-tips.html and some other websites at random. Please help.

I have used Spybot and Adaware with no result.

I previously had the same problem but it went away after I uninstalled Google Desktop. Today I had a problem attaching files on my Google supported university webmail server and downloaded new Flash as advised by Google on their Settings link. The link downloaded Flash 10 and a McAfee upgrade. The rogue IE hijack has now reappeared.

I am pasting the HijackThis File:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:35:25, on 19/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\iprntctl.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\dpmw32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.google.com/a/soas.ac.uk/#
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE /NOSPLASH
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [LXDJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.indiapress.org/pfr/tdserver.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.co.uk/s/v/41.22/uploader2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139317653031
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Intel Corporation - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: OracleForms81ClientCache80 - Unknown owner - C:\Orant\BIN\ONRSD80.EXE
O23 - Service: Oracle Forms Server [Forms60Server-Orant] (OracleFormsServer-Forms60Server-Orant) - Unknown owner - (no file)
O23 - Service: OracleOra817ClientCache - Unknown owner - C:\oracle817\BIN\ONRSD.EXE
O23 - Service: OracleOrantClientCache - Unknown owner - C:\oracle817\bin\ONRSD.EXE
O23 - Service: OracleOrantClientCache80 - Unknown owner - C:\Orant\BIN\ONRSD80.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Novell ZfD Remote Management (Remote Management Agent) - Novell Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, INC. - C:\Program Files\Novell\ZENworks\wm.exe

--
End of file - 10787 bytes




I also saw a similar problem reported by Van1313Van on this forum. He was advised to run OTL with the following pasted in the scan box:
(netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT).

As the problem only emerged today, I have only checked files a day old. Pasting the results:



OTL logfile created on: 19/01/2010 16:22:44 - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Mk17\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 191.00 Mb Available Physical Memory | 19.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 22.82 Gb Free Space | 30.64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 98Z0Y2J
Current User Name: Mk17
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 1 Day
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/19 16:10:19 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mk17\Desktop\OTL.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/23 01:08:13 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/11 17:14:13 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/12/22 03:27:54 | 00,028,672 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\SYSTEM32\nwtray.exe
PRC - [2007/12/22 03:27:50 | 00,036,864 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\SYSTEM32\dpmw32.exe
PRC - [2007/06/07 16:34:25 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/02/21 10:19:58 | 00,819,200 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/02/21 10:17:42 | 00,970,752 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/01/13 16:47:04 | 00,131,072 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\igfxtray.exe
PRC - [2006/11/30 08:50:00 | 00,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2006/11/17 13:39:58 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/11/17 03:06:00 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2006/07/07 23:14:38 | 00,576,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2005/06/28 14:50:02 | 00,040,960 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\SYSTEM32\iprntctl.exe
PRC - [2003/11/14 08:50:00 | 00,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE


========== Modules (SafeList) ==========

MOD - [2010/01/19 16:10:19 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mk17\Desktop\OTL.exe
MOD - [2008/04/14 00:12:01 | 00,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msvcp60.dll
MOD - [2003/11/14 08:50:00 | 00,024,064 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
MOD - [2003/11/14 08:50:00 | 00,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soas.ac.uk
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.soas.ac.uk
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.soas.ac.uk
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soas.ac.uk
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.soas.ac.uk
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.soas.ac.uk
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1



IE - HKU\S-1-5-21-1533290449-3433164942-1177562696-1044\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1533290449-3433164942-1177562696-1044\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1533290449-3433164942-1177562696-1044\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1533290449-3433164942-1177562696-1044\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-1533290449-3433164942-1177562696-1044\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.google.com/a/soas.ac.uk/?accou...7%40soas.ac.uk#
IE - HKU\S-1-5-21-1533290449-3433164942-1177562696-1044\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1533290449-3433164942-1177562696-1044\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1533290449-3433164942-1177562696-1044\S-1-5-21-1533290449-3433164942-1177562696-1044\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&scc=1&ltmpl=default&ltmplcache=2&hl=en-GB"
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "192.168.16.1"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "192.168.16.1"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "192.168.16.1"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.16.1"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "192.168.16.1"
FF - prefs.js..network.proxy.ssl_port: 3128

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/01/01 12:36:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla 1.7.8\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components [2010/01/01 23:38:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla 1.7.8\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins [2009/08/19 00:42:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/01 23:38:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/31 19:57:32 | 00,000,000 | ---D | M]

[2009/02/21 16:31:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mk17\Application Data\Mozilla\Extensions
[2010/01/01 02:36:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mk17\Application Data\Mozilla\Firefox\Profiles\3j4u87ta.default\extensions
[2007/11/13 09:50:02 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Mk17\Application Data\Mozilla\Firefox\Profiles\3j4u87ta.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2007/08/30 12:21:29 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mk17\Application Data\Mozilla\Firefox\Profiles\3j4u87ta.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2009/02/21 16:49:34 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mk17\Application Data\Mozilla\Firefox\Profiles\3j4u87ta.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/31 19:54:14 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/08/28 13:32:03 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2007/03/09 10:35:00 | 00,365,056 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npupd62.dll
[2008/01/22 12:15:24 | 00,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll

O1 HOSTS File: ([2009/12/31 18:12:19 | 00,371,208 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 12797 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1533290449-3433164942-1177562696-1044\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1533290449-3433164942-1177562696-1044\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [iPrint Tray] C:\WINDOWS\System32\iprntctl.exe (Novell, Inc.)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [lxdjamon] C:\Program Files\Lexmark 1400 Series\lxdjamon.exe (Lexmark)
O4 - HKLM..\Run: [LXDJCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.DLL (Lexmark International, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NDPS] C:\WINDOWS\SYSTEM32\dpmw32.exe (Novell, Inc.)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SystemTray] C:\WINDOWS\System32\SYSTRAY.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ZENRC Tray Icon] C:\WINDOWS\SYSTEM32\zentray.exe (Novell, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1533290449-3433164942-1177562696-1044..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-21-1533290449-3433164942-1177562696-1044\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll (Novell, Inc)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\SYSTEM32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\SYSTEM32\NetWare\nwws2slp.dll (Novell, Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1533290449-3433164942-1177562696-1044\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1533290449-3433164942-1177562696-1044\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1533290449-3433164942-1177562696-1044\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1533290449-3433164942-1177562696-1044\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macromedia.com/pub/shockwa...are/awswaxf.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1139317653031 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (ziswin.exe) - C:\WINDOWS\System32\ZISWIN.EXE (Novell, Inc.)
O20 - HKLM Winlogon: GinaDLL - (NWGina.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)
O20 - HKU\S-1-5-21-1533290449-3433164942-1177562696-1044 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1533290449-3433164942-1177562696-1044 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-9051202701-7877303951-362409534-7048\MsMxEng.exe) - C:\RECYCLER\S-1-5-21-9051202701-7877303951-362409534-7048\MsMxEng.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mk17\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mk17\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/20 11:58:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2234b918-e3cd-11de-a3ef-001b77204002}\Shell\AutoRun\command - "" = E:\winampxml\winxml.exe -- File not found
O33 - MountPoints2\{2234b918-e3cd-11de-a3ef-001b77204002}\Shell\explore\command - "" = E:\winampxml\winxml.exe -- File not found
O33 - MountPoints2\{2234b918-e3cd-11de-a3ef-001b77204002}\Shell\open\command - "" = E:\winampxml\winxml.exe -- File not found
O33 - MountPoints2\{28ed1b83-e3f6-11de-a3f0-001b77204002}\Shell - "" = AutoRun
O33 - MountPoints2\{28ed1b83-e3f6-11de-a3f0-001b77204002}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{28ed1b83-e3f6-11de-a3f0-001b77204002}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{28ed1b86-e3f6-11de-a3f0-001b77204002}\Shell - "" = AutoRun
O33 - MountPoints2\{28ed1b86-e3f6-11de-a3f0-001b77204002}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{28ed1b86-e3f6-11de-a3f0-001b77204002}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{46c7beff-a86b-11de-a3be-001b77204002}\Shell - "" = AutoRun
O33 - MountPoints2\{46c7beff-a86b-11de-a3be-001b77204002}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{61de4c2e-ccb1-11dd-a2b4-001b77204002}\Shell - "" = AutoRun
O33 - MountPoints2\{61de4c2e-ccb1-11dd-a2b4-001b77204002}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{61de4c2e-ccb1-11dd-a2b4-001b77204002}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{61de4c2f-ccb1-11dd-a2b4-001b77204002}\Shell - "" = AutoRun
O33 - MountPoints2\{61de4c2f-ccb1-11dd-a2b4-001b77204002}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{acf457d5-15cd-11dd-a161-001b77204002}\Shell\Auto\command - "" = sal.xls.exe
O33 - MountPoints2\{acf457d5-15cd-11dd-a161-001b77204002}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dc57ccf4-3177-11dd-a18e-001b77204002}\Shell - "" = AutoRun
O33 - MountPoints2\{dc57ccf4-3177-11dd-a18e-001b77204002}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dc57ccf4-3177-11dd-a18e-001b77204002}\Shell\AutoRun\command - "" = E:\VMC_PBStarter.exe -- File not found
O33 - MountPoints2\{fd8f66fa-97c1-11d9-b16f-000d56ef89d9}\Shell\AutoRun\command - "" = G:\
O34 - HKLM BootExecute: (autocheck autochk /r \??\E:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2004/10/11 23:20:48 | 00,000,000 | ---D | M]
NetSvcs: Iprip - C:\WINDOWS\SYSTEM32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 1 Day ==========

[2010/01/19 16:10:12 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mk17\Desktop\OTL.exe
[2009/04/19 12:45:57 | 00,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjusb1.dll
[2009/04/19 12:45:57 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjinpa.dll
[2009/04/19 12:45:57 | 00,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjiesc.dll
[2009/04/19 12:45:57 | 00,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjhcp.dll
[2009/04/19 12:45:56 | 01,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjserv.dll
[2009/04/19 12:45:56 | 00,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjpmui.dll
[2009/04/19 12:45:56 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjprox.dll
[2009/04/19 12:45:56 | 00,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjpplc.dll
[2009/04/19 12:45:55 | 00,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjlmpm.dll
[2009/04/19 12:45:54 | 00,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjhbn3.dll
[2009/04/19 12:45:52 | 00,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjcomc.dll
[2009/04/19 12:45:52 | 00,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjcomm.dll
[1979/12/31 23:00:00 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 1 Day ==========

[2010/01/19 16:23:00 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{76A9F578-27BF-42A8-9091-FD92A3247FD6}.job
[2010/01/19 16:10:19 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mk17\Desktop\OTL.exe
[2010/01/19 16:07:03 | 11,534,336 | ---- | M] () -- C:\Documents and Settings\Mk17\ntuser.dat
[2010/01/19 16:07:03 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Mk17\NTUSER.INI
[2010/01/19 16:05:27 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/01/19 15:25:19 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/01/19 14:14:57 | 00,001,526 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/01/19 14:12:45 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/19 13:32:17 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/19 13:32:14 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/19 13:32:13 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/19 13:32:12 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/19 13:29:55 | 00,000,258 | RHS- | M] () -- C:\Documents and Settings\Mk17\ntuser.pol
[2010/01/19 13:29:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/19 13:29:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/04/19 12:47:51 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdjvs.dll
[2009/04/19 12:47:47 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdjcoin.dll
[2009/04/19 12:46:13 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdjrwrd.ini
[2009/04/19 12:45:58 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\lxdjinst.dll
[2009/04/19 12:45:53 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdjgrd.dll
[2009/02/12 07:34:50 | 00,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/02/12 07:34:49 | 00,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/02/12 07:34:29 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/02/12 07:34:29 | 00,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/02/12 07:34:28 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/10/16 20:33:55 | 00,000,721 | ---- | C] () -- C:\WINDOWS\{5DAE9BE7-CFA3-46AD-981A-E51FBA76DBAB}.ini
[2008/10/16 20:33:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\{5DAE9BE7-CFA3-46AD-981A-E51FBA76DBAB}.ini
[2008/09/05 01:43:00 | 00,030,688 | ---- | C] () -- C:\Program Files\EPWtemp.xls
[2008/08/16 00:50:31 | 00,038,462 | ---- | C] () -- C:\Documents and Settings\Mk17\Application Data\Comma Separated Values (Windows).ADR
[2007/10/24 18:48:49 | 00,000,007 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameD.txt
[2007/09/27 20:05:06 | 00,000,399 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/08/22 20:47:42 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLea.DAT
[2007/08/21 07:21:35 | 03,076,141 | ---- | C] () -- C:\WINDOWS\System32\MSOWC.DLL
[2007/06/14 00:47:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PictNav.INI
[2007/06/09 23:16:47 | 00,000,047 | ---- | C] () -- C:\WINDOWS\winhlp32.ini
[2007/06/09 23:16:47 | 00,000,047 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2007/06/09 23:14:19 | 00,017,552 | ---- | C] () -- C:\WINDOWS\System32\TTYTWIN.DRV
[2007/06/09 23:13:58 | 00,110,080 | ---- | C] () -- C:\WINDOWS\System32\NCSPI8EN.DLL
[2007/06/09 23:13:47 | 00,022,480 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI16.DLL
[2007/06/09 23:13:47 | 00,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL
[2007/06/08 01:43:51 | 00,001,526 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/06/07 22:08:33 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\Mk17\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/06 20:35:43 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2007/06/06 18:33:18 | 00,000,516 | ---- | C] () -- C:\WINDOWS\ALBUM.INI
[2007/06/06 18:33:18 | 00,000,103 | ---- | C] () -- C:\WINDOWS\PAEDIT.INI
[2007/06/06 18:32:33 | 00,001,709 | ---- | C] () -- C:\WINDOWS\IF40LE.INI
[2007/06/06 18:32:33 | 00,000,256 | ---- | C] () -- C:\WINDOWS\PEXPLORE.INI
[2007/06/06 18:18:15 | 00,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/06/06 18:18:15 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\A517D942A1.sys
[2007/06/05 12:26:46 | 00,159,744 | ---- | C] () -- C:\WINDOWS\_isusr32.dll
[2007/06/05 12:26:37 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\ush2.dll
[2007/06/05 12:26:37 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\_isusr2k.dll
[2007/06/05 11:41:18 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Mk17\Application Data\sversion.ini
[2007/06/05 11:41:17 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\Mk17\Local Settings\Application Data\fusioncache.dat
[2007/05/23 16:20:45 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2007/05/23 14:56:15 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/05/23 14:56:12 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/05/23 14:56:11 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/05/23 14:56:10 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/05/23 14:56:10 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/05/21 09:04:29 | 00,009,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\WNTHW.SYS
[2007/03/02 10:20:04 | 00,001,896 | ---- | C] () -- C:\Program Files\JkDefrag.log
[2007/03/02 10:20:02 | 00,135,168 | ---- | C] () -- C:\Program Files\JkDefrag.exe
[2007/03/02 10:00:12 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2006/06/09 12:11:40 | 00,001,771 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/02/08 13:00:40 | 00,034,671 | ---- | C] () -- C:\WINDOWS\System32\drivers\nipplpt.sys
[2006/02/08 11:29:42 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2006/02/08 11:29:42 | 00,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2006/02/08 11:27:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2006/02/08 11:27:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2006/02/08 11:27:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2005/07/20 15:40:54 | 00,208,960 | ---- | C] () -- C:\WINDOWS\System32\uniteoci.dll
[2005/05/16 15:30:19 | 00,002,698 | ---- | C] () -- C:\WINDOWS\wcat.ini
[2005/05/16 15:29:36 | 00,000,011 | ---- | C] () -- C:\WINDOWS\NetWare.INI
[2005/05/12 12:52:34 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
[2004/12/17 11:45:54 | 00,000,183 | ---- | C] () -- C:\WINDOWS\CLEARING.INI
[2004/12/17 11:45:50 | 00,000,144 | ---- | C] () -- C:\WINDOWS\MARVCREA.INI
[2004/12/17 11:45:37 | 00,000,397 | ---- | C] () -- C:\WINDOWS\RASR.INI
[2004/12/17 11:45:29 | 00,000,094 | ---- | C] () -- C:\WINDOWS\DUPSTU.INI
[2004/12/17 11:43:06 | 00,000,100 | ---- | C] () -- C:\WINDOWS\EVENT.INI
[2004/12/16 16:12:43 | 00,000,739 | ---- | C] () -- C:\WINDOWS\SQUALS.INI
[2004/12/16 16:03:02 | 00,000,146 | ---- | C] () -- C:\WINDOWS\OFFERLIB.INI
[2004/12/16 16:02:23 | 00,000,157 | ---- | C] () -- C:\WINDOWS\MARVLOAD.INI
[2004/12/16 15:59:44 | 00,000,745 | ---- | C] () -- C:\WINDOWS\AQUALS.INI
[2004/12/16 15:59:00 | 00,000,436 | ---- | C] () -- C:\WINDOWS\ADMSDLTR.INI
[2004/12/16 14:47:27 | 00,000,016 | ---- | C] () -- C:\WINDOWS\Assessments.ini
[2004/12/16 12:24:24 | 00,000,251 | ---- | C] () -- C:\WINDOWS\Scribe.ini
[2004/12/13 12:45:37 | 00,000,539 | ---- | C] () -- C:\WINDOWS\ENROL.INI
[2004/12/13 12:43:23 | 00,000,390 | ---- | C] () -- C:\WINDOWS\APPLDETS.INI
[2004/11/22 15:26:44 | 00,000,723 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/19 16:54:04 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\GAMSWrap.dll
[2004/11/19 16:40:17 | 00,216,064 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2004/11/19 16:40:15 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[2004/11/19 16:40:14 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll
[2004/11/19 16:39:55 | 00,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2004/11/19 16:39:42 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll
[2004/11/19 16:39:32 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[2004/11/19 16:39:25 | 00,245,843 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2004/11/19 16:39:03 | 00,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[2004/11/19 16:38:51 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2004/10/11 23:49:29 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/11 23:36:52 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/10/11 23:24:46 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/13 10:41:56 | 00,254,464 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT2X.DLL
[2004/08/20 18:04:14 | 00,319,488 | ---- | C] () -- C:\WINDOWS\System32\VLMenuRes.dll
[2004/03/20 12:21:34 | 00,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/03/19 16:37:28 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/07/08 13:41:48 | 00,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2003/03/26 09:47:28 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\XMLPARSE.DLL
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/05 10:49:14 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\VlUtils.dll
[2002/07/05 13:43:08 | 00,054,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\phw2ksys.sys
[2001/10/28 17:42:30 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2000/07/11 14:01:06 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\Ditalib.dll
[2000/05/05 15:23:34 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\Qaproea.dll
[2000/02/16 09:55:42 | 00,466,432 | ---- | C] () -- C:\WINDOWS\System32\qapuiek.dll
[1999/11/10 09:59:40 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\Qarapea.dll
[1999/11/10 09:59:38 | 00,650,752 | ---- | C] () -- C:\WINDOWS\System32\Qapuieb.dll
[1999/08/07 01:05:16 | 00,212,480 | ---- | C] () -- C:\WINDOWS\System32\DBPORT6.DLL
[1999/07/30 08:24:34 | 00,000,218 | ---- | C] () -- C:\WINDOWS\oraodbc.ini
[1997/09/03 13:32:04 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\Ditaoc32.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/11/19 14:31:33 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2009/12/31 23:45:00 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2009/12/31 23:45:00 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 06:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/03/19 16:43:04 | 10,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2004/03/19 16:43:04 | 10,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:atapi.sys
[2004/11/19 14:31:33 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2009/12/31 23:45:00 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2009/12/31 23:45:00 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/08/29 00:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2002/08/29 00:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/04 05:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys
[2004/08/04 05:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0016\DriverFiles\i386\atapi.sys
[2004/08/04 05:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0021\DriverFiles\i386\atapi.sys
[2004/08/04 05:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0032\DriverFiles\i386\atapi.sys
[2004/08/04 05:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0040\DriverFiles\i386\atapi.sys
[2004/08/04 04:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0041\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 07:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\I386\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/04 07:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\I386\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\I386\scecli.dll
[2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 00:11:51 | 01,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\comsvcs.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


OTL also created an Extras.txt file:

OTL Extras logfile created on: 19/01/2010 16:22:44 - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Mk17\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 191.00 Mb Available Physical Memory | 19.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 22.82 Gb Free Space | 30.64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 98Z0Y2J
Current User Name: Mk17
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 1 Day
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_USERS\S-1-5-21-1533290449-3433164942-1177562696-1044\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1505:UDP" = 1505:UDP:*:Enabled:Proxy
"210:TCP" = 210:TCP:*:Enabled:Z389
"210:UDP" = 210:UDP:*:Enabled:Z389
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\SYSTEM32\mqsvc.exe" = C:\WINDOWS\SYSTEM32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SYSTEM32\dpmw32.exe" = C:\WINDOWS\system32\dpmw32.exe:*:Enabled:NDPS RPM & Notification Listener -- (Novell, Inc.)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe" = C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe:*:Enabled:ZenRem32 -- (Novell Inc.)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Disabled:backWeb-8876480 -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found
"C:\WINDOWS\SYSTEM32\mqsvc.exe" = C:\WINDOWS\SYSTEM32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdjtime.exe" = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdjtime.exe:*:Enabled: -- (Lexmark International, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator 0.8.0
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0AE19D89-17A9-404D-932A-FAAF43F3C77E}" = SPSS 14.0 for Windows
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0FA45F58-7259-4E52-81B2-1DEB3D00B244}" = UNIT-e Information Interface
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19E2B353-CA77-40AD-8A1A-CF36CFA412D9}" = Modular 5.16
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"{2CFE4799-CB85-456C-AABE-9BA2D02D81DB}" = Sky Broadband
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{42E7E957-1F70-449C-9272-AE6D9E98D590}" = UNIT-e UI Workstation
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4BF1F33A-9E29-41FC-B59C-D3B571494978}" = OCLC Connexion client
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{53C020C2-8C1A-11D9-8BDE-F66BAD1E3F3A}" = EndNote 9.0.1 Volume License Edition
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{6FF543AB-99B3-4120-902C-70A38314ABD8}" = Norton Security Scan
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71D74FCD-8DB9-4BEB-9C9D-1D19F2E02AE3}" = Microsoft Report Viewer Redistributable 2005
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}" = OMCI
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86)
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{901E0401-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Arabic User Interface Pack
"{901E0404-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Chinese (Traditional) User Interface Pack
"{901E0411-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Japanese User Interface Pack
"{901E0412-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Korean User Interface Pack
"{901E0804-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Chinese (Simplified) User Interface Pack
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{987AE1EA-9AF0-484D-A0F9-11A2E0EB4AA0}" = OpenOffice.org 2.0
"{9B427732-573E-4E78-B6FA-AC3E5A218BA2}" = NMAS Client
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A023EDD5-CD0B-48FB-9A98-2BCFC3D33D37}" = .NET Framework Enterprise Code Access Security Policy
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A602A637-877B-11D6-BA31-00201857C6C8}" = Modular Support Set
"{AC76BA86-1033-0000-BA7E-100000000002}" = Adobe Acrobat 7.0 Standard
"{AC76BA86-7AD7-2447-5A64-7E8A45000001}" = Adobe Reader Chinese Simplified Fonts
"{AC76BA86-7AD7-2448-5A64-7E8A45000001}" = Adobe Reader Chinese Traditional Fonts
"{AC76BA86-7AD7-5676-5A64-7E8A45000001}" = Adobe Reader Korean Fonts
"{AC76BA86-7AD7-5A76-5A64-7E8A45000001}" = Adobe Reader Japanese Fonts
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6828215-1469-43A2-8BEE-F5A970F98161}" = Microsoft Office 2003 International Character Toolbar
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{B9A5A789-D491-49FB-958C-BFEC2C11BB1D}" = NMAS Challenge Response Method
"{BA20E598-77E9-4B66-B777-E7A67EC6B5A7}" = MindGenuis Enterprise Education
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{BF755CD9-E185-498A-AAFB-E9F8470AB1CC}" = User Profile Hive Cleanup Service
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF735681-B3F8-11D3-86D0-0050DA139552}" = OCLC Arabic
"{D75915D3-6CFF-445F-A346-18ED6EF2F618}" = Microsoft IntelliType Pro 6.01
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E4764AA3-2ECE-4E84-90AC-4B478E698878}" = OCLC CJK
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA621265-B692-11D4-8526-00A0243F43C0}" = ProxyHost4.0
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{EF4F620F-F295-41D7-92C0-6B635709C850}" = Nokia Software Updater
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.7.3-1)
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F546B406-0D88-470D-9F30-708D6EE957E9}" = ZENworks for Desktops Management Agent
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 7.0 Standard - V" = Adobe Acrobat 7.1.0 Standard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"alotToolbar" = ALOT Toolbar
"Annual Survey of Industries 1973-74 to 2003-04" = Annual Survey of Industries 1973-74 to 2003-04
"Audacity_is1" = Audacity 1.2.6
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Bookshelf 2k" = Bookshelf 2000
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Concise Oxford Dictionary (Tenth Edition)" = Concise Oxford Dictionary (Tenth Edition)
"Corel Remove Program" = Corel Business Applications
"FastStone Image Viewer" = FastStone Image Viewer 3.8
"Foxit Reader" = Foxit Reader
"GalleryPlayer Images" = GalleryPlayer Images
"gAttach!_is1" = gAttach!
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"Hotkey Search Tool" = Hotkey Search Tool
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"if40leUninstall" = Presto! ImageFolio LE
"ImgBurn" = ImgBurn (Remove Only)
"Innovative Millennium" = Innovative Millennium
"Innovative Millennium Offline Circulation" = Innovative Millennium Offline Circulation
"InstallShield_{19E2B353-CA77-40AD-8A1A-CF36CFA412D9}" = Modular 5.16
"InstallShield_{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"JukeBox Tools" = JukeBox Tools
"LexicoCleverKeys_is1" = CleverKeys 2.00
"Lexmark 1400 Series" = Lexmark 1400 Series
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Mozilla (1.7.8)" = Mozilla (1.7.8)
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"Novell Client for Windows" = Novell Client for Windows
"Novell iPrint Client" = Novell iPrint Client v04.11.00
"NSSSetup.{6FF543AB-99B3-4120-902C-70A38314ABD8}" = Norton Security Scan (Symantec Corporation)
"NVIDIA Drivers" = NVIDIA Drivers
"Nvu_is1" = Nvu 1.0
"PAUninstall" = Presto! PhotoAlbum
"Picture Navigator" = Picture Navigator
"PMUninstall" = Presto! Mr. Photo
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"Protivasoft Lekhok Pro 1.0" = Protivasoft Lekhok Pro 1.0
"RealPlayer 6.0" = RealPlayer
"Recuva" = Recuva (remove only)
"Revo Uninstaller" = Revo Uninstaller 1.85
"SecureW2 Client" = SecureW2 Client 3.1.2
"Security Task Manager" = Security Task Manager 1.7e
"SHARP AR-351/355/451/455 Series PCL Printer Driver" = SHARP AR-351/355/451/455 Series PCL Printer Driver
"ST6UNST #1" = UNIT-e Office Builder 2000
"ST6UNST #2" = SDP 1960-2001
"VLC media player" = VideoLAN VLC media player 0.8.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinZip" = WinZip
"Yahoo! Companion" = Yahoo! Toolbar
"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1533290449-3433164942-1177562696-1044\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PreviewIt_is1" = PreviewIt for GoogleDesktop 0.1a

========== Last 10 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >

Edited by MHK, 19 January 2010 - 06:10 PM.




#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:54 PM

Posted 25 January 2010 - 09:48 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results. Post both logs (no need to zip attach.txt).
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
Please be patient and I'd be grateful if you would note the following
  • The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)
  • GMER log

Please do NOT post logs as attachments, unless you are unable to copy/paste a log directly in the reply box.


Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft
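The DDS log requested above prints a "Pseudo HJT Report" section listing the Winlogon and Run autostart entries, which is where a helper looks first for the hook that relaunches a hijacked browser. The following Python script is an added example, not part of this thread, of DDS or of HijackThis: it triages those lines the way a reviewer would, flagging Winlogon Shell/Userinit values that launch anything besides the Windows XP default and Run entries that start a program from RECYCLER or a Temp folder, locations legitimate autostart software does not use. The sample log text is constructed to mimic DDS output with a placeholder SID, and the XP defaults and the suspicious-directory list are assumptions chosen for the example.

```python
"""Triage of the "Pseudo HJT Report" section of a DDS log.

Added example for this thread; it is not part of DDS, HijackThis or any
post here. It reads the autostart lines DDS prints (uWinlogon/mWinlogon,
uRun/mRun/dRun) and flags:
  * Winlogon Shell/Userinit values that launch anything besides the
    Windows XP default (assumed defaults listed below), and
  * Run entries whose program lives under RECYCLER or a Temp folder,
    locations legitimate autostart software does not use (assumed list).
"""
import re

# Assumed Windows XP defaults for the Winlogon values DDS reports.
WINLOGON_DEFAULTS = {
    "shell": ("explorer.exe",),
    "userinit": ("c:\\windows\\system32\\userinit.exe",),
}

# Assumed directory fragments no legitimate autostart entry should pass through.
SUSPICIOUS_DIRS = ("\\recycler\\", "\\$recycle.bin\\", "\\temp\\")

# DDS line shapes, e.g.  uWinlogon: Shell=explorer.exe,c:\somewhere\x.exe
#                   and  mRun: [MSSE] "c:\somewhere\msseces.exe" -hide
_WINLOGON = re.compile(r"^[umd]Winlogon:\s*(?P<name>\w+)=(?P<value>.+)$", re.I)
_RUN = re.compile(r"^[umd]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<value>.+)$", re.I)

# Constructed sample in DDS format (placeholder SID, not a real log).
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

mWinlogon: System=ziswin.exe
uWinlogon: Shell=explorer.exe,c:\recycler\s-1-5-21-0000000000-0000000000-000000000-1234\MsMxEng.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
uRun: [updater] c:\docume~1\user\locals~1\temp\347.exe
"""


def program_of(command):
    """Return the executable part of a command line, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    parts = command.split()
    return parts[0] if parts else ""


def in_suspicious_dir(path):
    """True if the path passes through a directory from SUSPICIOUS_DIRS."""
    lowered = path.lower()
    return any(fragment in lowered for fragment in SUSPICIOUS_DIRS)


def triage_pseudo_hjt(log_text):
    """Return a list of (log_line, reason) findings for a DDS log body."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = _WINLOGON.match(line)
        if match:
            name = match.group("name").lower()
            expected = WINLOGON_DEFAULTS.get(name)
            if expected is None:  # only Shell/Userinit have known defaults here
                continue
            # Winlogon values are comma-separated program lists; every
            # program beyond the default is a persistence hook.
            for program in (p.strip().strip('"') for p in match.group("value").split(",")):
                if program and program.lower() not in expected:
                    reason = f"Winlogon {name} launches a non-default program: {program}"
                    if in_suspicious_dir(program):
                        reason += " (from a disposable location)"
                    findings.append((line, reason))
            continue
        match = _RUN.match(line)
        if match:
            program = program_of(match.group("value"))
            if in_suspicious_dir(program):
                findings.append((line, f"Run entry [{match.group('name')}] starts from a disposable location: {program}"))
    return findings


if __name__ == "__main__":
    for log_line, reason in triage_pseudo_hjt(SAMPLE_DDS):
        print(f"{reason}\n    {log_line}")
```

Run against a real DDS.txt, the script reports the extra program appended to the Winlogon Shell value (explorer.exe is the only thing that belongs there on XP) and any Run entry launched from RECYCLER or Temp; everything else in the section is left for manual review, since a legitimate vendor entry and a hijack can look alike without a file check.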


#3 MHK

MHK
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:54 PM

Posted 25 January 2010 - 04:17 PM

Dear Elise, thank you so much for replying. I am at my wits' end.

Problem: At startup using my username mk17 (this does not happen when I start as administrator), IE8 automatically opens up at one of a number of investment sites: hxxp://big-goals.info/biz/setting-investing-goals.html OR
hxxp://finance-help.info/finance/finance-i...ments-tips.html OR hxxp://learn4earn.net/biz/investing-money.html. They do not appear to be harmful sites but I am worried other things might be happening in the background.

I have tried making Firefox by default browser, but this just makes Firefox start up.

McAfee could not find any problem. My web research suggested an msmxeng.exe virus and, following other posts on bleepingcomputer, I downloaded and ran DrWeb. This indeed identified an msmxeng.exe but could not cure it. The log is as follows:

lxdjuldr.dll;C:\WINDOWS\system32\SPOOL\DRIVERS\W32X86\3;Probably DLOADER.Trojan;Incurable.Deleted.;
lxdjuldr.dll;C:\WINDOWS\system32\SPOOL\DRIVERS\W32X86\lexmark_1400_series9ca2;Probably DLOADER.Trojan;Incurable.Deleted.;
347.exe;C:\DOCUME~1\Mk17\LOCALS~1\Temp;Win32.HLLW.Lime.18;Deleted.;
387.exe;C:\DOCUME~1\Mk17\LOCALS~1\Temp;BackDoor.IRC.Sdbot.8011;Deleted.;
562.exe;C:\DOCUME~1\Mk17\LOCALS~1\Temp;BackDoor.IRC.Sdbot.8011;Deleted.;
949.exe;C:\DOCUME~1\Mk17\LOCALS~1\Temp;BackDoor.IRC.Sdbot.8136;Deleted.;
984.exe;C:\DOCUME~1\Mk17\LOCALS~1\Temp;Win32.HLLW.Lime.146;Incurable.Moved.;
msmxeng.exe;c:\recycler\s-1-5-21-3459085805-4680954190-874721589-2706;BackDoor.IRC.Sdbot.8136;Cannot cure;

However, I then replaced McAfee with Microsoft Security Essentials which identified several viruses and removed them from my computer and also from attached usb devices like flash drives and an external hard drive. The viruses were:
VirTool:Win32/DelfInject.gen!BE and Trojan:Win32/Malat. The Items list showed
File:G:\avast\avast32.exe
File:H:\avast\avast32.exe
file:G:\smass\safemass.exe
filelocalcopy:C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{793583A6-D099-47B9-B867-A8C1BF4C88E5}-safemass.exe
file:E:\avira\avira32.exe
filelocalcopy:C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{44F98495-C1FD-40A1-8E38-627B52043ECA}-avira32.exe
file:F:\winguard\wwload.exe
filelocalcopy:C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{9F7EB021-4655-40C7-A315-E45257536C30}-wwload.exe

I also changed the name of the folder in recycler to 'dumb'. After this, running DrWeb showed no infections. The problem then disappeared for a day but has now returned again! This time neither DrWeb nor Microsoft Security finds any infection, but IE8 still opens on the same sites, though for some of them it says 'link broken'.

I am pasting the DDS results in DDS.txt and Attach.txt. I could run this without switching off Microsoft Security, and I wanted to run it as user mk17 because this is where the problem is. Unfortunately GMER would not run, and when I ran GMER as administrator after switching off Microsoft Security, XP crashed and the frightening blue screen came on saying my computer had been switched off. Fortunately it has restarted again. But I do not have a GMER.log.

DDS.txt and Attach.txt:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Mk17 at 20:21:23.60 on 25/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.587 [GMT 0:00]

AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\iprntctl.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\dpmw32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Mk17\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://mail.google.com/a/soas.ac.uk/?accou...7%40soas.ac.uk#
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: System=ziswin.exe
uWinlogon: Shell=explorer.exe,c:\recycler\s-1-5-21-2078625723-1560660573-630062935-1983\MsMxEng.exe
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NWTRAY] NWTRAY.EXE
mRun: [ZENRC Tray Icon] c:\windows\system32\zentray.exe
mRun: [iPrint Tray] c:\windows\system32\iprntctl.exe TRAY_ICON
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE /NOSPLASH
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [SystemTray] SysTray.Exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [NDPS] c:\windows\system32\dpmw32.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [lxdjamon] "c:\program files\lexmark 1400 series\lxdjamon.exe"
mRun: [LXDJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXDJtime.dll,_RunDLLEntry@16
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {C1994287-422F-47aa-8E5E-6323E210A125} - {4B5F7606-8666-4D5A-9780-DB92A9D8812B} - c:\program files\novell\zenworks\AxNalServer.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139317653031
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwv1_0
LSA: Notification Packages = scecli
IFEO: AutorunsDisabled - ntsd -d
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mk17\applic~1\mozilla\firefox\profiles\3j4u87ta.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&scc=1&ltmpl=default&ltmplcache=2&hl=en-GB
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\mk17\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npIconixProxy2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-30 144960]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2006-2-8 34671]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [2003-3-18 4768]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-3-19 14336]
R2 Kblock;Kblock;c:\windows\system32\drivers\kblock.sys [2003-3-18 4043]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2007-3-2 104000]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-30 54872]
R2 Mouslock;Mouslock;c:\windows\system32\drivers\mouslock.sys [2003-3-18 4080]
R2 Remote Management Agent;Novell ZfD Remote Management;c:\program files\novell\zenworks\remotemanagement\rmagent\ZenRem32.exe [2003-10-22 135168]
R2 WNTHW;WNTHW;c:\windows\system32\drivers\WNTHW.SYS [2007-5-21 9176]
R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [2003-3-18 2773]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-3-2 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-3-2 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-3-2 168776]
R3 nscmnt;Novell Local Security Context Manager;c:\windows\system32\drivers\novell\nscmnt.sys [2004-3-3 25616]
S2 OracleFormsServer-Forms60Server-Orant;Oracle Forms Server [Forms60Server-Orant]; [x]
S3 mfefeatk01;McAfee Inc.;\Device\mfefeatk01.sys --> \Device\mfefeatk01.sys [?]
S3 OracleForms81ClientCache80;OracleForms81ClientCache80;c:\orant\bin\ONRSD80.EXE [2004-9-13 101136]
S3 OracleOra817ClientCache;OracleOra817ClientCache;c:\oracle817\bin\ONRSD.EXE [2000-10-19 411244]
S3 OracleOrantClientCache;OracleOrantClientCache;c:\oracle817\bin\ONRSD.EXE [2000-10-19 411244]
S3 OracleOrantClientCache80;OracleOrantClientCache80;c:\orant\bin\ONRSD80.EXE [2004-9-13 101136]
S3 xauthnt;Novell XTier Authentication Service;c:\windows\system32\drivers\novell\xauthnt.sys [2004-3-24 11640]
S4 Prometheus Wake-On-LAN Status Agent;Novell ZfD Wake on LAN Status Agent;c:\program files\novell\zenworks\remotemanagement\rmagent\WolSerNT.exe [2003-3-18 49152]

=============== Created Last 30 ================

2010-01-23 21:57:16 0 d-----w- c:\program files\Microsoft Security Essentials
2010-01-23 21:33:37 0 d-----w- C:\b6872f7006225829efdb8d227aa078
2010-01-22 23:34:43 0 d-----w- c:\documents and settings\mk17\DoctorWeb
2010-01-06 06:29:29 0 d-----w- C:\QUARANTINE
2010-01-04 21:53:56 0 d-----w- c:\program files\VS Revo Group
2010-01-01 21:16:28 0 d-----w- c:\program files\Trend Micro
2010-01-01 12:37:00 0 d-----w- c:\program files\common files\PCSuite
2010-01-01 12:34:56 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-01-01 12:34:46 0 d-----w- c:\program files\PC Connectivity Solution
2009-12-31 23:37:49 276992 ------w- c:\windows\system32\wmphoto.dll
2009-12-31 23:37:45 69120 ------w- c:\windows\system32\wlanapi.dll
2009-12-31 23:37:43 712704 ------w- c:\windows\system32\windowscodecs.dll
2009-12-31 23:37:43 346112 ------w- c:\windows\system32\windowscodecsext.dll
2009-12-31 23:37:18 50688 ------w- c:\windows\system32\tspkg.dll
2009-12-31 23:37:17 53248 ------w- c:\windows\system32\tsgqec.dll
2009-12-31 23:35:59 33792 ------w- c:\windows\system32\mmcperf.exe
2009-12-31 23:35:59 106496 ------w- c:\windows\system32\mmcfxcommon.dll
2009-12-31 23:35:58 397312 ------w- c:\windows\system32\mmcex.dll
2009-12-31 23:35:58 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
2009-12-31 23:35:48 677888 ------w- c:\windows\system32\mstsc.exe
2009-12-31 23:35:17 37376 ------w- c:\windows\system32\l2gpstore.dll
2009-12-31 23:35:16 61440 ------w- c:\windows\system32\kmsvc.dll
2009-12-31 23:35:14 6144 ------w- c:\windows\system32\kbdpash.dll
2009-12-31 23:35:13 6144 ------w- c:\windows\system32\kbdnepr.dll
2009-12-31 23:35:13 6144 ------w- c:\windows\system32\kbdiultn.dll
2009-12-31 23:35:13 6144 ------w- c:\windows\system32\kbdbhc.dll
2009-12-31 23:34:25 10752 ------w- c:\windows\system32\smtpapi.dll
2009-12-31 23:34:24 9728 ------w- c:\windows\system32\rwnh.dll
2009-12-31 23:34:23 974 ------w- c:\windows\system32\pid.inf
2009-12-31 23:34:06 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-31 22:34:42 0 dc-h--w- c:\windows\ie8
2009-12-31 19:58:41 0 d-----w- C:\Downloads
2009-12-31 13:24:27 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-31 13:24:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

==================== Find3M ====================

2010-01-14 11:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-16 01:01:45 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT
2008-10-26 17:26:56 30688 ------w- c:\program files\EPWtemp.xls
2007-05-21 09:42:29 1896 ----a-w- c:\program files\JkDefrag.log
2007-01-20 18:17:20 135168 ----a-w- c:\program files\JkDefrag.exe
2009-02-15 02:40:06 88 --sh--r- c:\windows\system32\A517D942A1.sys
2009-02-15 02:40:08 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 20:22:03.35 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 18/11/2004 16:07:31
System Uptime: 25/01/2010 16:52:42 (4 hours ago)

Motherboard: Dell Inc. | | 0NF743
Processor: Intel® Core™2 CPU T7200 @ 2.00GHz | Microprocessor | 1655/166mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 22.374 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

.NET Framework Enterprise Code Access Security Policy
Adobe Acrobat 7.0 Standard
Adobe Acrobat 7.1.0 Standard
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader Chinese Simplified Fonts
Adobe Reader Chinese Traditional Fonts
Adobe Reader Japanese Fonts
Adobe Reader Korean Fonts
Adobe Shockwave Player 11.5
ALOT Toolbar
ALPS Touch Pad Driver
Annual Survey of Industries 1973-74 to 2003-04
Apple Software Update
Audacity 1.2.6
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Bookshelf 2000
Broadcom 440x 10/100 Integrated Controller
Broadcom Advanced Control Suite 2
Broadcom ASF Management Applications
Broadcom Gigabit Integrated Controller
CCleaner
ClearType Tuning Control Panel Applet
CleverKeys 2.00
Compatibility Pack for the 2007 Office system
Concise Oxford Dictionary (Tenth Edition)
Conexant HDA D110 MDC V.92 Modem
Corel Business Applications
Corel Photo Album 6
CorelDRAW Graphics Suite 12
Crystal Reports for .NET Framework 2.0 (x86)
CyberLink MediaShow
Easy CD Creator 5 Basic
EndNote 9.0.1 Volume License Edition
FastStone Image Viewer 3.8
Foxit Reader
GalleryPlayer Images
gAttach!
Google Toolbar for Internet Explorer
Help and Support Customization
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB954550-v5)
Hotkey Search Tool
ImgBurn (Remove Only)
Innovative Millennium
Innovative Millennium Offline Circulation
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
ISI ResearchSoft - Export Helper
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
JukeBox Tools
Lexmark 1400 Series
Logitech Desktop Messenger
Logitech MouseWare 9.79
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
McAfee VirusScan Enterprise
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft IntelliType Pro 6.01
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Arabic User Interface Pack
Microsoft Office 2003 Chinese (Simplified) User Interface Pack
Microsoft Office 2003 Chinese (Traditional) User Interface Pack
Microsoft Office 2003 International Character Toolbar
Microsoft Office 2003 Japanese User Interface Pack
Microsoft Office 2003 Korean User Interface Pack
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft Office Visio Professional 2003
Microsoft Report Viewer Redistributable 2005
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MindGenuis Enterprise Education
mIWA
mLogView
mMHouse
Modular 5.16
Modular Support Set
Mozilla (1.7.8)
Mozilla Firefox (3.5.6)
mPfMgr
mPfWiz
mProSafe
mSCfg
mSSO
MSVC80_x86
MSVC80_x86_v2
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
mWlsSafe
mWMI
mZConfig
NICI (Shared) U.S./Worldwide (128 bit) (2.7.3-1)
NMAS Challenge Response Method
NMAS Client
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia Software Updater
Norton Security Scan
Norton Security Scan (Symantec Corporation)
Novell Client for Windows
Novell iPrint Client v04.11.00
NVIDIA Drivers
Nvu 1.0
OCLC Arabic
OCLC CJK
OCLC Connexion client
OGA Notifier 2.0.0048.0
OMCI
OpenOffice.org 2.0
PC Connectivity Solution
PDFCreator 0.8.0
Picture Navigator
PictureProject
PowerDVD 5.1
Presto! ImageFolio LE
Presto! Mr. Photo
Presto! PhotoAlbum
PreviewIt for GoogleDesktop 0.1a
Protivasoft Lekhok Pro 1.0
ProxyHost4.0
QuickTime
RealPlayer
Recuva (remove only)
Revo Uninstaller 1.85
SDP 1960-2001
SecureW2 Client 3.1.2
Security Task Manager 1.7e
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB972270)
SHARP AR-351/355/451/455 Series PCL Printer Driver
SigmaTel Audio
Sky Broadband
SoundMAX
SPSS 14.0 for Windows
UNIT-e Information Interface
UNIT-e Office Builder 2000
UNIT-e UI Workstation
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB955759)
User Profile Hive Cleanup Service
VideoLAN VLC media player 0.8.5
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
Windows Driver Package - Nokia Modem (10/05/2009 4.2)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
WinZip
Yahoo! Toolbar
ZENworks for Desktops Management Agent
ZoneAlarm Spy Blocker

==== Event Viewer Messages From Past Week ========

23/01/2010 17:20:30, error: DCOM [10005] - DCOM got error "%3" attempting to start the service Iap with arguments "-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}

==== End Of File ===========================

Edited by elise025, 26 January 2010 - 04:27 AM.


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:54 PM

Posted 26 January 2010 - 04:35 AM

Hello MHK,

Well, I see where the problem is; let's see if Combofix will take care of it.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


In your next reply, please include the following:
  • Combofix.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 MHK

MHK
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:54 PM

Posted 26 January 2010 - 10:29 PM

Dear Elise,

I have downloaded Combofix but I saw in the discussions there were some issues which resulted in files being deleted. I am currently finishing a vital project which is due on Monday the 1st of Feb, so if you allow me, I will run Combofix on Monday as I don't have any time to recover files if things go wrong. As Monday is the sixth day from today counting today, please don't close my topic. I will come back with the Combofix results on Monday. Thanks.

#6 Elise

Posted 27 January 2010 - 02:16 AM

Okay, that's no problem, thanks for letting me know. I'll keep this open until 1 February and then bump the topic.

regards, Elise


#7 Elise

Posted 03 February 2010 - 09:48 AM

Hi, are you still there?

regards, Elise


#8 MHK

Posted 03 February 2010 - 02:20 PM

Dear Elise,
Thanks for bearing with me. It seems the problem has been resolved by Microsoft Security Essentials and if so this may be useful for others affected by this worm. I had loaded MSE to replace McAfee because the latter could not identify the MsMxEng.exe worm. Initially MSE did not either but after a couple of days (I have a daily scan scheduled) it noticed a suspicious programme which was exactly the one I suspected. It asked if it could send the info to Microsoft for analysis. I said yes and then nothing happened for two days. Late last night the information came back and MSE warned me of a severe infection and then removed the following:

file:C:\RECYCLER\S-1-5-21-6973360881-1209443372-962408885-9712\MsMxEng.exe
winlogonshell:HKCU@S-1-5-21-1533290449-3433164942-1177562696-1044\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\\SHELL:C:\RECYCLER\S-1-5-21-6973360881-1209443372-962408885-9712\MsMxEng.exe

It also cleaned the worm from my flash drives and external hard drive where it has also parked itself. So far I have restarted my computer six or seven times and the IE no longer auto-launches at the investment site. I would recommend anyone suffering from this problem to use MSE and give it a couple of days! And many thanks for your advice which kept my sanity.
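The two artifacts MSE reported in that post (a Winlogon Shell value redirected to an executable under RECYCLER, and copies of the same executable on attached drives) can be audited with the following script, added here as an example that is not from the thread or from any tool named in it. It assumes an elevated PowerShell session on the affected machine, covers only the currently logged-in user's HKCU hive, and only reports what it finds.

```powershell
# Added example: audit Winlogon Shell and look for executables parked inside
# recycle-bin folders on every fixed or removable drive. Report only, no deletion.
$expectedShell = 'explorer.exe'
$findings = @()

# 1. Winlogon Shell should be exactly "explorer.exe" for the machine and the user.
#    The MSE report above showed HKCU\...\Winlogon\Shell pointing at a RECYCLER path.
$winlogonKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
foreach ($key in $winlogonKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props -and $props.PSObject.Properties['Shell']) {
        $shell = [string]$props.Shell
        if ($shell.Trim().ToLower() -ne $expectedShell) {
            $findings += "Suspicious Winlogon Shell in ${key}: $shell"
        }
    }
}

# 2. Recycle-bin folders (RECYCLER on XP, $Recycle.Bin on later Windows) hold
#    deleted items, not programs; an .exe under a SID-named subfolder is a red flag.
#    DriveType 2 = removable (flash drives), 3 = fixed (local and external disks).
$drives = Get-WmiObject Win32_LogicalDisk |
    Where-Object { $_.DriveType -eq 2 -or $_.DriveType -eq 3 }
foreach ($drive in $drives) {
    foreach ($bin in @('RECYCLER', '$Recycle.Bin')) {
        $binPath = "$($drive.DeviceID)\$bin"
        if (Test-Path -LiteralPath $binPath) {
            # -Force is needed because these folders are hidden and system.
            Get-ChildItem -LiteralPath $binPath -Recurse -Force `
                -Include *.exe, *.dll, *.scr -ErrorAction SilentlyContinue |
                ForEach-Object { $findings += "Executable inside recycle bin: $($_.FullName)" }
        }
    }
}

if ($findings.Count -eq 0) {
    'No Winlogon Shell tampering or recycle-bin executables found.'
} else {
    $findings
}
```

A non-empty Shell finding or any .exe under a SID-named RECYCLER folder is worth submitting to an AV vendor, as the poster did, rather than deleting by hand, since the Shell value must be repaired at the same time or the user will log in to an empty desktop.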

#9 Elise

Posted 03 February 2010 - 02:36 PM

Good to hear things work fine. MSE is indeed a good Antivirus program.

However, never trust one single program to keep you 100% safe.

I would recommend you to continue this topic to make sure all things are gone. Malware often leaves traces that need to be cleaned up.

Let me know if you wish to continue or not.

regards, Elise


#10 Elise

Posted 12 February 2010 - 03:01 PM

Due to lack of feedback this topic is now closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise
