2003 Terminal Server Infected With Redirect


4 replies to this topic

#1 Dazzler

Posted 19 November 2010 - 06:32 AM

Hi All,

I have been reading these forums for a long time, gleaning help and useful information, but now I'm in need.... Unfortunately I have an issue with a terminal server. This server has approx. 35 users using it and it is normally locked down and secure. A week or so ago I had my support guys in making some updates to the server; while making these updates we had McAfee Enterprise disabled so it would not interfere. During this brief time I had a user ignore my request not to use the server: they logged in and opened an email telling them they had a FedEx delivery coming and the label was in the exe provided......

Yep, you guessed it, perfect timing, and now the server is infected....

So the problem is that Internet Explorer on the server is redirecting to weird sites about bookcases and porn..

I have used the normal arsenal but have not been able to stop it (I have run Malwarebytes and full scans with McAfee; they have found a couple of bits but have not cured the problem...).

So what is my next course of action? Any ideas welcomed :D (including appropriate action for the user....)

Cheers
Dazzler



#2 Dazzler

Posted 22 November 2010 - 07:36 AM

OK, so having run SUPERAntiSpyware it found a couple of bits and has removed them. The redirects don't seem to be happening any more, but is there any way that I can be sure the bug is gone??

Cheers
Dazzler

#3 Dazzler

Posted 23 November 2010 - 09:40 AM

OK, I take it back, it is still redirecting.

Any help appreciated. I'm just trying any tool I can find now to track this thing down. SUPERAntiSpyware found oreans32, but that is part of the security driver for one of our bits of software, so I'm back to square 1.

Just running Norman's anti-malware now....

Cheers
Dazzler

#4 Dazzler

Posted 24 November 2010 - 07:50 AM

:( I'm attaching a log from OTL purely as I'm at a total loss; I'm guessing this is a bit of a new one for a terminal server....

Cheers
Dazzler

OTL logfile created on: 24/11/2010 12:05:28 - Run 5
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\administrator.CAMELGROUP\my documents\Downloads
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTServer
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
8.00 Gb Paging File | 8.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): c:\pagefile\1\pagefile.sys 5000 8000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 135.54 Gb Total Space | 34.60 Gb Free Space | 25.53% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 302.20 Gb Free Space | 64.88% Space Free | Partition Type: NTFS

Computer Name: TSSERVER | User Name: administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\administrator.CAMELGROUP\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
PRC - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.)
PRC - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe (SafeNet, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\TightVNC\WinVNC.exe (TightVNC Group)
PRC - C:\WINDOWS\system32\lserver.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)
PRC - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe (The Firebird Project)
PRC - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe (The Firebird Project)
PRC - C:\WINDOWS\system32\atiptaxx.exe (ATI Technologies, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\administrator.CAMELGROUP\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.4770_x-ww_05FDF087\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\tsappcmp.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WinHttpAutoProxySvc) -- File not found
SRV - (InterBaseServer) -- File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (FAH@C:+Documents and Settings+Administrator.CAMELGLASS+My Documents+FAH502-Console.exe) -- C:\Documents and Settings\Administrator.CAMELGLASS\My Documents\FAH502-Console.exe File not found
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
SRV - (SentinelProtectionServer) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
SRV - (SentinelKeysServer) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.)
SRV - (SentinelSecurityRuntime) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe (SafeNet, Inc.)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (RemoteConnector) -- C:\Program Files\Fujitsu Siemens\Remote Connector\SVRemoteConnector.exe (Fujitsu Siemens Computers)
SRV - (SrvCtrl) -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe (Fujitsu Siemens Computers)
SRV - (winvnc) -- C:\Program Files\TightVNC\WinVNC.exe (TightVNC Group)
SRV - (LicenseService) -- C:\WINDOWS\system32\llssrv.exe (Microsoft Corporation)
SRV - (Tssdis) -- C:\WINDOWS\system32\tssdis.exe (Microsoft Corporation)
SRV - (RSoPProv) -- C:\WINDOWS\system32\rsopprov.exe (Microsoft Corporation)
SRV - (NtFrs) -- C:\WINDOWS\system32\ntfrs.exe (Microsoft Corporation)
SRV - (TermServLicensing) -- C:\WINDOWS\system32\lserver.exe (Microsoft Corporation)
SRV - (IsmServ) -- C:\WINDOWS\system32\ismserv.exe (Microsoft Corporation)
SRV - (Dfs) -- C:\WINDOWS\system32\dfssvc.exe (Microsoft Corporation)
SRV - (glassproprint) -- C:\Program Files\GlassPro Print Engine\GPFaxIt.exe (Highway Electronics Limited)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (gamscm) -- C:\WINDOWS\system32\GAMSERV\Gamscm.exe ()
SRV - (SpySer) -- C:\WINDOWS\system32\GAMSERV\SpySer.exe ()
SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)
SRV - (ndassvc) -- C:\Program Files\NDAS\System\ndassvc.exe (XIMETA, Inc.)
SRV - (TrkSvr) -- C:\WINDOWS\system32\trksvr.dll (Microsoft Corporation)
SRV - (sacsvr) -- C:\WINDOWS\system32\sacsvr.dll (Microsoft Corporation)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe (The Firebird Project)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe (The Firebird Project)
SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)


========== Driver Services (SafeList) ==========

DRV - (PCANDIS5) -- Z:\PROGRA~1\FIRSTG~1\Upgrade\PCANDIS5.SYS File not found
DRV - (NDISKIO) -- C:\DOCUME~1\ADMINI~2.CAM\LOCALS~1\Temp\000011c1.nmc\nse\bin\ndiskio.sys File not found
DRV - (IpInIp) -- C:\WINDOWS\System32\DRIVERS\ipinip.sys File not found
DRV - (cpuz132) -- C:\DOCUME~1\ADMINI~2.CAM\LOCALS~1\Temp\1e\cpuz132\cpuz132_x32.sys File not found
DRV - (oreans32) -- C:\WINDOWS\system32\drivers\oreans32.sys ()
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (dk2drv) -- C:\WINDOWS\system32\drivers\dk2drv.sys (Data Encryption Systems Limited)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (SafeNet, Inc.)
DRV - (SNTNLUSB) -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS (SafeNet, Inc.)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (ImbDrvNT) -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\ImbDrvNT.sys (Fujitsu Siemens Computers)
DRV - (ScSBB) -- C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\ScSBB.sys (Fujitsu Siemens Computers)
DRV - (XRNBO) -- C:\WINDOWS\system32\drivers\XRNBO.sys ()
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (WLBS) -- C:\WINDOWS\system32\drivers\wlbs.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (hpcisss) -- C:\WINDOWS\System32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (DfsDriver) -- C:\WINDOWS\system32\drivers\Dfs.sys (Microsoft Corporation)
DRV - (ClusDisk) -- C:\WINDOWS\system32\drivers\clusdisk.sys (Microsoft Corporation)
DRV - (arc) -- C:\WINDOWS\System32\drivers\arc.sys (Adaptec, Inc.)
DRV - (WimFltr) -- C:\WINDOWS\system32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (tap0801) -- C:\WINDOWS\system32\drivers\tap0801.sys (The OpenVPN Project)
DRV - (lfsfilt) -- C:\WINDOWS\system32\drivers\lfsfilt.sys (XIMETA, Inc.)
DRV - (lpx) -- C:\WINDOWS\system32\DRIVERS\lpx.sys (XIMETA, Inc.)
DRV - (ndasscsi) -- C:\WINDOWS\system32\drivers\ndasscsi.sys (XIMETA, Inc.)
DRV - (ndasbus) -- C:\WINDOWS\system32\drivers\ndasbus.sys (XIMETA, Inc.)
DRV - (mraid35x) -- C:\WINDOWS\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (smc9452m) NDIS5.1 Miniport Driver for SMC EZ Card 1000 (SMC9452TX V.2) -- C:\WINDOWS\system32\drivers\smc9452m.sys (SMC Networks, Inc.)
DRV - (ati2mpad) -- C:\WINDOWS\system32\drivers\ati2mpad.sys (ATI Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



IE - HKU\S-1-5-21-1176135037-4011289547-2541040399-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
IE - HKU\S-1-5-21-1176135037-4011289547-2541040399-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
IE - HKU\S-1-5-21-1176135037-4011289547-2541040399-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1176135037-4011289547-2541040399-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/19 09:39:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/23 04:37:40 | 000,000,000 | ---D | M]

[2010/11/19 09:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.CAMELGROUP\Application Data\Mozilla\Extensions
[2010/11/19 10:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.CAMELGROUP\Application Data\Mozilla\Firefox\Profiles\vutqathm.default\extensions
[2010/11/19 09:38:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/22 19:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/10/27 05:24:34 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/10/27 05:24:34 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/10/27 05:24:34 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/10/27 05:24:34 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/11/16 21:15:46 | 000,000,939 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.16.2 server
O1 - Hosts: 192.168.16.3 tsserver
O1 - Hosts: 192.168.16.3 camelglass.homeip.net
O1 - Hosts: 192.168.18.2 serverred
O1 - Hosts: 192.168.19.2 newserver
O1 - Hosts: 192.168.17.2 bodminserver
O1 - Hosts: 192.168.16.4 sqlserver
O1 - Hosts: 192.168.16.5 sql64server
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ATIPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKU\.DEFAULT..\Run: [] File not found
O4 - HKU\.DEFAULT..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe File not found
O4 - HKU\S-1-5-18..\Run: [] File not found
O4 - HKU\S-1-5-18..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe File not found
O4 - HKU\S-1-5-21-1176135037-4011289547-2541040399-500..\Run: [EPSON BX300F Series (Copy 1) (from TONY) in session 24] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1176135037-4011289547-2541040399-500..\Run: [EPSON BX300F Series (from TONY) in session 24] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1176135037-4011289547-2541040399-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O15 - HKLM\..Trusted Domains: google.co.uk ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: sqlserver ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: sqlserver ([]https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: google.co.uk ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sqlserver ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sqlserver ([]https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: google.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sqlserver ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sqlserver ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1176135037-4011289547-2541040399-500\..Trusted Domains: google.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1176135037-4011289547-2541040399-500\..Trusted Domains: sqlserver ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1176135037-4011289547-2541040399-500\..Trusted Domains: sqlserver ([]https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290426144700 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1290426128004 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = camelgroup.local
O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/24 11:11:44 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2005/11/14 10:01:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]
O32 - AutoRun File - [2008/08/26 13:41:08 | 000,000,162 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/24 11:49:28 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/11/24 10:42:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.CAMELGROUP\my documents\Poss infected files
[2010/11/24 08:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/24 03:26:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/22 14:58:36 | 000,647,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2010/11/22 14:56:10 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010/11/22 14:56:09 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/11/22 14:55:59 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/11/22 14:55:59 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/11/22 14:55:43 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/11/22 14:55:20 | 001,210,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/11/22 14:55:08 | 005,957,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/11/22 14:46:01 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/11/22 14:45:30 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/11/22 14:10:09 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/11/22 14:10:08 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/11/22 11:42:59 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2010/11/22 09:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2010/11/22 09:40:01 | 000,038,376 | ---- | C] (SafeNet, Inc.) -- C:\WINDOWS\System32\drivers\SNTNLUSB.SYS
[2010/11/22 09:39:57 | 000,000,000 | ---D | C] -- C:\Program Files\SafeNet Sentinel
[2010/11/22 09:32:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.CAMELGROUP\my documents\Downloaded Installations
[2010/11/19 09:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.CAMELGROUP\Application Data\Mozilla
[2010/11/18 11:09:35 | 000,000,000 | ---D | C] -- C:\PE
[2010/11/17 10:41:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\administrator.CAMELGROUP\Recent
[2010/11/16 21:59:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/11/16 21:59:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.CAMELGROUP\Application Data\SUPERAntiSpyware.com
[2010/11/16 21:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/11/16 18:32:36 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/11/16 18:32:35 | 000,000,000 | ---D | C] -- C:\rsit
[2010/11/12 10:14:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/12 10:14:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/12 10:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/11 16:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Softline Pastel
[2010/11/11 13:43:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[2010/11/02 15:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
[2010/11/02 14:22:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.CAMELGROUP\Local Settings\Application Data\Sage_(UK)_Limited
[2010/11/02 14:19:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.CAMELGROUP\Application Data\Sage
[2010/11/02 14:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.CAMELGROUP\Local Settings\Application Data\Sage
[2010/11/02 14:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.CAMELGROUP\Application Data\Sage (UK) Limited
[2010/11/02 14:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sage (UK) Limited
[2010/11/02 13:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sage Report Designer 2007
[2010/11/02 13:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)
[2008/12/23 09:32:46 | 000,184,320 | R--- | C] ( ) -- C:\WINDOWS\System32\SgE.interop.MSXML2.dll
[2006/12/12 08:59:08 | 000,184,320 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.MSXML2.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/24 12:04:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2CDF5671-DF75-42C7-BDC2-8CB35DD5DA46}.job
[2010/11/24 11:44:22 | 000,440,504 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/24 11:44:22 | 000,068,282 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/24 11:40:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/24 11:39:52 | 209,981,440 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/11/24 10:57:10 | 000,001,025 | ---- | M] () -- C:\wdesign.seq
[2010/11/24 09:28:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/24 06:49:08 | 000,002,524 | ---- | M] () -- C:\WINDOWS\System32\SGLCH32.USR
[2010/11/24 05:22:30 | 000,000,844 | ---- | M] () -- C:\WINDOWS\tasks\FullOtherOffice.job
[2010/11/23 23:05:21 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\FullServer.job
[2010/11/23 20:49:49 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Tuesday.job
[2010/11/23 15:59:45 | 000,033,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010/11/23 14:25:39 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat.old
[2010/11/23 14:00:04 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8262F130-3A4B-4129-AA5F-CCCA2DF6F8CF}.job
[2010/11/23 05:04:20 | 000,001,760 | RHS- | M] () -- C:\Documents and Settings\administrator.CAMELGROUP\ntuser.pol
[2010/11/23 05:02:18 | 000,353,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/23 04:44:07 | 000,003,470 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/22 20:08:41 | 000,000,822 | ---- | M] () -- C:\WINDOWS\tasks\Monday.job
[2010/11/22 14:09:50 | 000,006,274 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/11/19 20:14:19 | 000,000,822 | ---- | M] () -- C:\WINDOWS\tasks\Friday.job
[2010/11/19 09:38:58 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\administrator.CAMELGROUP\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/19 09:38:58 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/11/18 19:41:29 | 000,000,864 | ---- | M] () -- C:\WINDOWS\tasks\Dailey.job
[2010/11/17 19:47:18 | 000,000,846 | ---- | M] () -- C:\WINDOWS\tasks\Wednesday.job
[2010/11/16 23:44:06 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\administrator.CAMELGROUP\Desktop\WD Climatec MASTER EDIT THIS ONE.lnk
[2010/11/12 18:30:02 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\restart.job
[2010/11/11 17:50:38 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\DataBaseSync.job
[2010/11/02 15:39:50 | 000,000,538 | R--- | M] () -- C:\Documents and Settings\All Users\Desktop\Old GlassPro (Lookup).lnk
[2010/11/02 14:01:43 | 000,000,899 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/10/30 08:24:43 | 000,000,509 | R--- | M] () -- C:\Documents and Settings\All Users\Desktop\GlassPro SQL.lnk
[2010/10/26 15:56:32 | 000,026,943 | ---- | M] () -- C:\acadminidump.dmp
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/23 15:46:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/23 05:00:39 | 000,337,840 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/11/23 03:02:26 | 000,003,470 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/11/22 09:40:42 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010/11/19 09:38:58 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\administrator.CAMELGROUP\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/19 09:38:58 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/11/11 17:48:01 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\DataBaseSync.job
[2010/11/11 17:08:14 | 000,001,753 | R--- | C] () -- C:\Documents and Settings\administrator.CAMELGROUP\Desktop\Scheduled Tasks.lnk
[2010/11/02 15:38:37 | 000,000,538 | R--- | C] () -- C:\Documents and Settings\All Users\Desktop\Old GlassPro (Lookup).lnk
[2010/10/26 08:51:44 | 000,026,943 | ---- | C] () -- C:\acadminidump.dmp
[2010/06/15 21:12:48 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeConfig.dll
[2010/06/15 21:12:48 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\SGSTDREG.dll
[2010/06/15 21:12:48 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\SGRegister.dll
[2010/06/15 21:12:46 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
< End of report >

#5 Dazzler
  • Topic Starter
  • Members
  • 6 posts

Posted 29 November 2010 - 04:43 AM

Just to update on this: after using the Kaspersky virus removal tool, it found a virus infecting explorer.exe and successfully removed the infection. Nothing else I used even managed to touch this infection.

All seems to be OK now.

Hopefully this will help someone else with the same issue.

Cheers
Dazzler



