
need hijack this log checked

Discussion in 'Malware and Virus Removal Archive' started by mtaffer, 2007/11/30.

  1. 2007/11/30
    mtaffer

    mtaffer Well-Known Member Thread Starter

    Joined:
    2006/10/20
    Messages:
    63
    Likes Received:
    0
    Hi guys,

    This machine was majorly infected with Win32.Virtob and has been "repaired". It would not even go into Windows, but now logins are possible and it runs better. I could not post a HijackThis log because I could not log in. The machine will allow me to run it and I did, so would you guys help out a poor help desk guy and check it please? :eek:

    Thanks in advance :)
    MT

    Logfile of HijackThis v1.99.1
    Scan saved at 4:35:15 PM, on 11/30/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Common Files\Softwin\BitDefender Local Manager\bdlm.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\Program Files\Hijack This\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe "
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe "
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe "
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196100315932
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tmscorp.com
    O17 - HKLM\Software\..\Telephony: DomainName = tmscorp.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tmscorp.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tmscorp.com
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
    O23 - Service: BitDefender Local Manager (BDLM) - SOFTWIN - C:\Program Files\Common Files\Softwin\BitDefender Local Manager\bdlm.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
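    The log above is the kind of thing the thread asks a reviewer to read by eye. As an added example (not code from this thread, from HijackThis or from the forum's helpers), here is a small Python triage script that parses HijackThis entry lines (the `R0`/`R1`/`O4`/`O23`... records, skipping the running-process list) and attaches review flags that mirror what a human reviewer checks: hosts-file overrides, bare filenames in autostart entries that must be resolved before they can be judged, browser defaults and DPF download sources outside an allow-list, and `O23` services reported as "(file missing)". The allow-list, the flag names and the sample log are assumptions constructed for this example; a flag means "look at this", not "this is malicious".

```python
"""Triage helper for HijackThis-style logs.

Added example, not code from the forum thread or from HijackThis itself. It parses
the "Rn"/"On" entry lines, then applies review heuristics that mirror what a human
log reviewer looks for. The allow-list and flag names are assumptions made here.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Every HijackThis entry line starts with a section code followed by " - ".
ENTRY_RE = re.compile(r'^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$')

# Assumed allow-list of hosts accepted as browser defaults / DPF download sources.
TRUSTED_HOSTS = ('microsoft.com', 'hp.com', 'macromedia.com',
                 'kaspersky.com', 'pandasoftware.com')
# Path fragments marking user-writable locations (unusual for autostart binaries).
USER_WRITABLE = ('\\temp\\', '\\local settings\\', '\\application data\\')


@dataclass
class HjtEntry:
    section: str                 # e.g. "O4", "O23"
    body: str                    # everything after "O4 - "
    flags: list = field(default_factory=list)


def parse_hjt(text: str) -> list:
    """Return the entry lines of a log; running-process and header lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(HjtEntry(m.group(1), m.group(2)))
    return entries


def _trusted(url: str) -> bool:
    host = (urlparse(url).hostname or '').lower()
    return any(host == h or host.endswith('.' + h) for h in TRUSTED_HOSTS)


def _o4_target(body: str) -> str:
    """Extract the launched target from an O4 body (Run key or startup-folder item)."""
    if ']' in body:                         # HKLM\..\Run: [Name] target
        target = re.sub(r'^.*?\]\s*', '', body)
    else:                                   # Startup: item  /  Global Startup: x.lnk = target
        target = body.split(': ', 1)[-1]
        if ' = ' in target:
            target = target.split(' = ', 1)[1]
    return target.strip().lstrip('"')


def triage(entries: list) -> list:
    """Attach review flags in place; a flag means 'look at this', not 'malicious'."""
    for e in entries:
        body, low = e.body, e.body.lower()
        if e.section == 'O1':
            e.flags.append('hosts-override')
        elif e.section in ('R0', 'R1') and ' = ' in body:
            url = body.split(' = ', 1)[1]
            if url.startswith('http') and not _trusted(url):
                e.flags.append('non-allowlisted-url')
        elif e.section == 'O4':
            target = _o4_target(body)
            if target == '?':
                e.flags.append('unresolved-shortcut')
            elif not re.match(r'^[A-Za-z]:\\', target):
                e.flags.append('bare-filename')      # resolved via PATH; locate the file first
            if any(frag in target.lower() for frag in USER_WRITABLE):
                e.flags.append('user-writable-path')
        elif e.section == 'O16':
            if not _trusted(body.rsplit(' - ', 1)[-1]):
                e.flags.append('non-allowlisted-dpf')
        elif e.section == 'O23' and '(file missing)' in low:
            # Older HijackThis builds print this for quoted ImagePaths that carry
            # arguments (note the stray `"` before /service), so confirm on disk.
            e.flags.append('service-path-verify')
        elif e.section in ('O2', 'O3') and '(no file)' in low:
            e.flags.append('orphaned-bho')
    return entries


def flagged(text: str) -> dict:
    """Map entry body -> flags for every flagged entry in a log."""
    return {e.body: e.flags for e in triage(parse_hjt(text)) if e.flags}


# Constructed sample: a subset of entry lines shaped like the ones in the thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://wbhmpsa1:75/
O1 - Hosts: 192.168.250.227 www.covington.com
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: procexp.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
"""

if __name__ == '__main__':
    for body, flags in flagged(SAMPLE_LOG).items():
        print(f"{', '.join(flags):24} {body}")
```

    Run it against a saved log with `flagged(open('hijackthis.log').read())`. The point of the design is that the script only narrows the list a reviewer has to read: a bare `dxdllreg.exe` or `procexp.exe` has to be located on disk and its publisher checked, and an `O23` "(file missing)" line is a prompt to look at the service's real ImagePath rather than evidence that anything is wrong.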
     
  2. 2007/11/30
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Geri,
    #2


  4. 2007/12/03
    mtaffer

    mtaffer Well-Known Member Thread Starter

    Joined:
    2006/10/20
    Messages:
    63
    Likes Received:
    0
    Panda log

    Kaspersky didn't find anything, but this is the log made from the Panda scan.

    Incident Status Location

    Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Administrator.MCLEOD.000\Cookies\administrator@bfast[1].txt
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\All Users\Desktop\Recovery Tools\ComboFix\ComboFix.exe[nircmd.exe]
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\All Users\Desktop\Recovery Tools\ComboFix\ComboFix.exe[nircmd.cfexe]
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\All Users\Desktop\Recovery Tools\Smithfraud Fix\SmitfraudFix.zip[SmitfraudFix/Process.exe]
    Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\All Users\Desktop\Recovery Tools\Smithfraud Fix\SmitfraudFix.zip[SmitfraudFix/restart.exe]
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\jonm\Application Data\Mozilla\Firefox\Profiles\z70pwex1.default\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\jonm\Application Data\Mozilla\Firefox\Profiles\z70pwex1.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\jonm\Application Data\Mozilla\Firefox\Profiles\z70pwex1.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\jonm\Application Data\Mozilla\Firefox\Profiles\z70pwex1.default\cookies.txt[.ath.belnk.com/]
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\jonm\Application Data\Mozilla\Firefox\Profiles\z70pwex1.default\cookies.txt[.belnk.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\jonm\Application Data\Mozilla\Firefox\Profiles\z70pwex1.default\cookies.txt[.overture.com/]
    Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\jonm\Cookies\jonm@cdfreaks[1].txt
    Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\jonm\Cookies\jonm@cgi-bin[3].txt
    Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\jonm\Cookies\jonm@club.cdfreaks[1].txt
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\jonm\Cookies\jonm@com[1].txt
    Spyware:Cookie/360i Not disinfected C:\Documents and Settings\jonm\Cookies\jonm@ct.360i[1].txt
    Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\jonm\Cookies\jonm@did-it[2].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\jonm\Cookies\jonm@go[2].txt
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\jonm\Cookies\jonm@searchportal.information[2].txt
    Spyware:Cookie/Target Not disinfected C:\Documents and Settings\jonm\Cookies\jonm@target[1].txt
    Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\jonm\Local Settings\Temp\Temporary Internet Files\Content.IE5\KMC41M41\upd32_v14[1]
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\jonm.MCLEOD\Application Data\Mozilla\Firefox\Profiles\z70pwex1.default\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\jonm.MCLEOD\Application Data\Mozilla\Firefox\Profiles\z70pwex1.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\jonm.MCLEOD\Application Data\Mozilla\Firefox\Profiles\z70pwex1.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\jonm.MCLEOD\Application Data\Mozilla\Firefox\Profiles\z70pwex1.default\cookies.txt[.ath.belnk.com/]
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\jonm.MCLEOD\Application Data\Mozilla\Firefox\Profiles\z70pwex1.default\cookies.txt[.belnk.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\jonm.MCLEOD\Application Data\Mozilla\Firefox\Profiles\z70pwex1.default\cookies.txt[.overture.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@ad.yieldmanager[2].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@adrevolver[1].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@advertising[2].txt
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@apmebf[1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@atdmt[2].txt
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@bluestreak[1].txt
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@burstnet[2].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@doubleclick[2].txt
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@ehg-dig.hitbox[2].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@fastclick[2].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@go[1].txt
    Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@i.screensavers[1].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@media.adrevolver[3].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@mediaplex[2].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@perf.overture[1].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@questionmarket[2].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@realmedia[1].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@tribalfusion[1].txt
    Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@www.burstbeacon[2].txt
    Hacktool:Hacktool/MailBomber.F Not disinfected C:\Jonm_Old\Games\My Download\PGAEXDemo.exe
    Hacktool:Hacktool/MailBomber.F Not disinfected C:\Jonm_Old\My Download\PGAEXDemo.exe
    Spyware:Spyware/Vundo Not disinfected C:\Program Files\Cptjvypu\yvehmaen.dll
    Spyware:Spyware/Vundo Not disinfected C:\Program Files\Jauithiq\zpdhlyfk.dll
    Adware:Adware/BraveSentry Not disinfected C:\Program Files\MalwareAlarm\MalwareAlarm0.dll
    Potentially unwanted tool:Application/MalwareAlarm Not disinfected C:\Program Files\MalwareAlarm\MalwareAlarm1.dll
    Potentially unwanted tool:Application/BraveSentry Not disinfected C:\Program Files\MalwareAlarm\MalwareAlarm3.dll

    I don't really see anything suspicious, but we are having some difficulties with installing an HP printer, more specifically hp director will not work. Clicking the icon would not do anything, regardless of re-install. That is one of the things that made me think we might still have a virus on the machine. Do you see anything strange in this log?

    Thanks for all your help :)
    MT
     
  5. 2007/12/03
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi mtaffer

    Click Start > Run; in the Run box, copy and paste or type ComboFix /u, then hit Enter to uninstall ComboFix and remove the files/folders it created.

    Please delete Smitfraudfix.exe and these files:
    C:\WINDOWS\system32\dumphive.exe
    C:\WINDOWS\SYSTEM32\Process.exe
    C:\WINDOWS\SYSTEM32\SrchSTS.exe
    C:\WINDOWS\system32\VCCLSID.exe
    C:\WINDOWS\system32\WS2Fix.exe
    C:\WINDOWS\system32\tmp.reg


    Please download VundoFix.exe to your desktop
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

    Please post the Vundo log.

    Thanks
    Geri
     
    Geri,
    #4
  6. 2007/12/06
    mtaffer

    mtaffer Well-Known Member Thread Starter

    Joined:
    2006/10/20
    Messages:
    63
    Likes Received:
    0
    Followup

    Hi,

    Ran Vundofix and it did not find anything. I was also unable to find any of the system files you wanted me to delete or the smitfraudfix file. Anyway, here is the latest hijackthis log.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:34:51 PM, on 12/6/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Local Manager\bdlm.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
    C:\DOCUME~1\JONM~1.MCL\LOCALS~1\Temp\Adobelm_Cleanup.0001
    C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    C:\DOCUME~1\JONM~1.MCL\LOCALS~1\Temp\Adobelm_Cleanup.0001
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\mcleod\deployed\bin\DeployClient.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\java.exe
    C:\Program Files\Java\jre1.5.0_03\bin\LME - McLeod Support.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat.exe
    C:\DOCUME~1\JONM~1.MCL\LOCALS~1\Temp\Adobelm_Cleanup.0001
    C:\DOCUME~1\JONM~1.MCL\LOCALS~1\Temp\Adobelm_Cleanup.0001
    C:\Program Files\Spark\Spark.exe
    C:\Program Files\AniTa\Anita.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Hijack This\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://wbhmpsa1:75/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe "
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe "
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe "
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: procexp.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196100315932
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tmscorp.com
    O17 - HKLM\Software\..\Telephony: DomainName = tmscorp.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tmscorp.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tmscorp.com
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
    O23 - Service: BitDefender Local Manager (BDLM) - SOFTWIN - C:\Program Files\Common Files\Softwin\BitDefender Local Manager\bdlm.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

    Thank you for all your time. :)
    MT
     
  7. 2007/12/06
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi mtaffer

    Please look on your Desktop for a folder called "Recovery Tools". Right-click on it and click Open, look for the Smitfraud.exe and the files mentioned above, and delete them.

    Empty your recycle bin.

    Please download Deckard's System Scanner and post the logs.

    Please download Deckard's System Scanner (dss.exe) and save it to your Desktop.
    Note: You must be logged onto an account with administrator privileges to complete the following.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy and then paste the contents of main.txt and extra.txt in your next reply.

    Thanks
    Geri
     
    Geri,
    #6
  8. 2007/12/07
    mtaffer

    mtaffer Well-Known Member Thread Starter

    Joined:
    2006/10/20
    Messages:
    63
    Likes Received:
    0
    Here are the logs you requested

    Hi again,

    I finally found that folder; it was confusing because it was on the profile we used that had the initial virus. Anyway, here are the logs you requested.
    Thanks again. :)

    Deckard's System Scanner v20071014.68
    Run by jonm on 2007-12-07 14:01:01
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    System Restore is disabled; attempting to re-enable...failed; access is denied.


    Backed up registry hives.
    Performed disk cleanup.

    System Drive C: has 8.24 GiB (less than 15%) free.


    -- HijackThis (run as jonm.exe) ------------------------------------------------

    Unable to find log (file not found); running clone.
    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2007-12-07 14:02:11
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\SYSTEM32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\SYSTEM32\services.exe
    C:\WINDOWS\SYSTEM32\lsass.exe
    C:\WINDOWS\SYSTEM32\svchost.exe
    C:\WINDOWS\SYSTEM32\svchost.exe
    C:\WINDOWS\SYSTEM32\spoolsv.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\WINDOWS\SYSTEM32\svchost.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Local Manager\bdlm.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\WINDOWS\SYSTEM32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Spark\Spark.exe
    C:\Program Files\AniTa\Anita.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Citrix\icaweb32\wfcrun32.exe
    C:\Program Files\Citrix\icaweb32\wfica32.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Documents and Settings\jonm.MCLEOD\Local Settings\Temporary Internet Files\Content.IE5\FR9D0U8U\dss[1].exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://wbhmpsa1:75/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O1 - Hosts: 192.168.250.227 www.covington.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe "
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe "
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe "
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: procexp.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196100315932
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\Software\..\Telephony: DomainName = tmscorp.com
    O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = tmscorp.com
    O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: Domain = tmscorp.com
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = tmscorp.com
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    O20 - AppInit_DLLs: sockspy.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: BitDefender Local Manager (BDLM) - SOFTWIN - C:\Program Files\Common Files\Softwin\BitDefender Local Manager\bdlm.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\hpzipm12.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe


    --
    End of file - 8016 bytes

    -- File Associations -----------------------------------------------------------

    .js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
    S1 bdpredir - c:\program files\softwin\bitdefender10\bdpredir.sys <Not Verified; Softwin SRL; BitDefender 10>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Adobe Version Cue CS2 - "c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe" -win32service <Not Verified; Adobe Systems Incorporated; Adobe Version Cue CS2>
    R2 BDLM (BitDefender Local Manager) - c:\program files\common files\softwin\bitdefender local manager\bdlm.exe /service <Not Verified; SOFTWIN; BitDefender Enterprise Manager>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2007-11-27 11:01:02 430 --a------ C:\WINDOWS\Tasks\WebReg 20071127110100.job


    -- Files created between 2007-11-07 and 2007-12-07 -----------------------------

    2007-12-06 11:58:45 0 d-------- C:\VundoFix Backups
    2007-12-03 08:53:00 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
    2007-12-03 08:52:59 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-11-30 17:16:01 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Bitdefender
    2007-11-30 16:07:09 81984 --a------ C:\WINDOWS\system32\bdod.bin
    2007-11-30 16:02:13 0 d-------- C:\Documents and Settings\Administrator.MCLEOD.000\Application Data\Bitdefender
    2007-11-30 16:01:41 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\BitDefender
    2007-11-30 16:00:35 0 d-------- C:\Program Files\Hijack This
    2007-11-30 15:59:20 0 d-------- C:\WINDOWS\LastGood
    2007-11-30 15:38:51 0 d-------- C:\Documents and Settings\Administrator.MCLEOD.000\Application Data\Macromedia
    2007-11-28 17:01:51 44544 -ra------ C:\WINDOWS\system32\MSXML4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
    2007-11-28 17:01:51 626960 -ra------ C:\WINDOWS\system32\hpvaut32.dll <Not Verified; Microsoft Corporation; >
    2007-11-26 14:39:20 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Spark
    2007-11-26 12:08:50 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
    2007-11-26 11:08:39 0 d-------- C:\Share
    2007-11-26 10:32:11 0 d--hs---- C:\Documents and Settings\jonm.MCLEOD\UserData
    2007-11-26 10:10:11 0 d--h----- C:\Documents and Settings\jonm.MCLEOD\InstallAnywhere
    2007-11-26 10:04:59 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Citrix
    2007-11-26 10:03:34 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Ardamax Software
    2007-11-26 10:03:34 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Apple Computer
    2007-11-26 10:03:34 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Alien Skin
    2007-11-26 10:03:34 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Aladdin Systems
    2007-11-26 10:03:34 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Ahead
    2007-11-26 10:03:34 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\AdobeUM
    2007-11-26 10:03:34 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\AdobeAUM
    2007-11-26 10:03:33 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\dvdcss
    2007-11-26 10:03:33 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\CyberLink
    2007-11-26 10:03:33 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Cognos
    2007-11-26 10:03:16 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Imagenomic
    2007-11-26 10:03:16 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\ICAClient
    2007-11-26 10:03:16 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\HP
    2007-11-26 10:03:16 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Help
    2007-11-26 10:03:16 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Google
    2007-11-26 10:01:38 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\OurPictures
    2007-11-26 10:01:38 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Opera
    2007-11-26 10:01:38 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\NeroVision
    2007-11-26 10:01:38 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\MSN6
    2007-11-26 10:01:38 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Mozilla
    2007-11-26 10:01:34 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Roxio
    2007-11-26 10:01:34 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Real
    2007-11-26 10:01:33 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\SmartDraw
    2007-11-26 10:01:33 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Skype
    2007-11-26 10:00:56 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Sun
    2007-11-26 10:00:44 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\webex
    2007-11-26 10:00:44 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Ulead Systems
    2007-11-26 10:00:41 0 d-------- C:\Documents and Settings\jonm.MCLEOD\.sslexplorer
    2007-11-26 10:00:41 0 d-------- C:\Documents and Settings\jonm.MCLEOD\.primetime2006
    2007-11-26 10:00:41 0 d-------- C:\Documents and Settings\jonm.MCLEOD\.mcleod
    2007-11-26 10:00:41 0 d-------- C:\Documents and Settings\jonm.MCLEOD\.jmf
    2007-11-26 10:00:39 0 d-------- C:\Documents and Settings\jonm.MCLEOD\.jbuilder2006
    2007-11-26 10:00:39 0 d--h----- C:\Documents and Settings\jonm.MCLEOD\.diotkzr115
    2007-11-26 10:00:39 0 d-------- C:\Documents and Settings\jonm.MCLEOD\.borland
    2007-11-26 10:00:39 0 d-------- C:\Documents and Settings\jonm.MCLEOD\.bmc60
    2007-11-26 09:54:34 278528 --a------ C:\WINDOWS\system32\hpdjaio <Not Verified; HP; HP DeskJet>
    2007-11-26 09:53:34 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Macromedia
    2007-11-21 17:32:36 0 d-------- C:\Documents and Settings\Administrator.MCLEOD.000\Application Data\Adobe
    2007-11-21 17:32:18 0 d-------- C:\Documents and Settings\Administrator.MCLEOD.000\Application Data\Identities
    2007-11-21 17:18:38 0 d-------- C:\Documents and Settings\Administrator.WBHMDSK115\Application Data\Adobe
    2007-11-21 17:18:33 0 d-------- C:\Documents and Settings\Administrator.WBHMDSK115\Application Data\Identities
    2007-11-21 17:18:28 0 d--h----- C:\Documents and Settings\Administrator.WBHMDSK115\Templates
    2007-11-21 17:18:28 0 dr------- C:\Documents and Settings\Administrator.WBHMDSK115\Start Menu
    2007-11-21 17:18:28 0 dr-h----- C:\Documents and Settings\Administrator.WBHMDSK115\SendTo
    2007-11-21 17:18:28 0 dr-h----- C:\Documents and Settings\Administrator.WBHMDSK115\Recent
    2007-11-21 17:18:28 0 d--h----- C:\Documents and Settings\Administrator.WBHMDSK115\PrintHood
    2007-11-21 17:18:28 786432 --ah----- C:\Documents and Settings\Administrator.WBHMDSK115\NTUSER.DAT
    2007-11-21 17:18:28 0 d--h----- C:\Documents and Settings\Administrator.WBHMDSK115\NetHood
    2007-11-21 17:18:28 0 dr------- C:\Documents and Settings\Administrator.WBHMDSK115\My Documents
    2007-11-21 17:18:28 0 d--h----- C:\Documents and Settings\Administrator.WBHMDSK115\Local Settings
    2007-11-21 17:18:28 0 dr------- C:\Documents and Settings\Administrator.WBHMDSK115\Favorites
    2007-11-21 17:18:28 0 d-------- C:\Documents and Settings\Administrator.WBHMDSK115\Desktop
    2007-11-21 17:18:28 0 d---s---- C:\Documents and Settings\Administrator.WBHMDSK115\Cookies
    2007-11-21 17:18:28 0 dr-h----- C:\Documents and Settings\Administrator.WBHMDSK115\Application Data
    2007-11-21 17:18:28 0 d---s---- C:\Documents and Settings\Administrator.WBHMDSK115\Application Data\Microsoft
    2007-11-21 17:16:02 0 dr------- C:\Documents and Settings\Administrator.MCLEOD.000\Favorites
    2007-11-21 17:16:02 0 d-------- C:\Documents and Settings\Administrator.MCLEOD.000\Desktop
    2007-11-21 17:16:02 0 d--hs---- C:\Documents and Settings\Administrator.MCLEOD.000\Cookies
    2007-11-21 17:16:02 0 dr-h----- C:\Documents and Settings\Administrator.MCLEOD.000\Application Data
    2007-11-21 17:16:02 0 d---s---- C:\Documents and Settings\Administrator.MCLEOD.000\Application Data\Microsoft
    2007-11-21 17:16:01 0 d--h----- C:\Documents and Settings\Administrator.MCLEOD.000\Templates
    2007-11-21 17:16:01 0 dr------- C:\Documents and Settings\Administrator.MCLEOD.000\Start Menu
    2007-11-21 17:16:01 0 dr-h----- C:\Documents and Settings\Administrator.MCLEOD.000\SendTo
    2007-11-21 17:16:01 0 dr-h----- C:\Documents and Settings\Administrator.MCLEOD.000\Recent
    2007-11-21 17:16:01 0 d--h----- C:\Documents and Settings\Administrator.MCLEOD.000\PrintHood
    2007-11-21 17:16:01 1048576 --ah----- C:\Documents and Settings\Administrator.MCLEOD.000\NTUSER.DAT
    2007-11-21 17:16:01 0 d--h----- C:\Documents and Settings\Administrator.MCLEOD.000\NetHood
    2007-11-21 17:16:01 0 dr------- C:\Documents and Settings\Administrator.MCLEOD.000\My Documents
    2007-11-21 17:16:01 0 d--h----- C:\Documents and Settings\Administrator.MCLEOD.000\Local Settings
    2007-11-21 17:15:12 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Adobe
    2007-11-21 17:14:48 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Identities
    2007-11-21 17:14:35 0 d--h----- C:\Documents and Settings\jonm.MCLEOD\Templates
    2007-11-21 17:14:35 0 dr------- C:\Documents and Settings\jonm.MCLEOD\Start Menu
    2007-11-21 17:14:35 0 dr-h----- C:\Documents and Settings\jonm.MCLEOD\SendTo
    2007-11-21 17:14:35 0 dr-h----- C:\Documents and Settings\jonm.MCLEOD\Recent
    2007-11-21 17:14:35 0 d--h----- C:\Documents and Settings\jonm.MCLEOD\PrintHood
    2007-11-21 17:14:35 2097152 --ah----- C:\Documents and Settings\jonm.MCLEOD\NTUSER.DAT
    2007-11-21 17:14:35 0 d--h----- C:\Documents and Settings\jonm.MCLEOD\NetHood
    2007-11-21 17:14:35 0 dr------- C:\Documents and Settings\jonm.MCLEOD\My Documents
    2007-11-21 17:14:35 0 d--h----- C:\Documents and Settings\jonm.MCLEOD\Local Settings
    2007-11-21 17:14:35 0 dr------- C:\Documents and Settings\jonm.MCLEOD\Favorites
    2007-11-21 17:14:35 0 d-------- C:\Documents and Settings\jonm.MCLEOD\Desktop
    2007-11-21 17:14:35 0 d--hs---- C:\Documents and Settings\jonm.MCLEOD\Cookies
    2007-11-21 17:14:35 0 dr-h----- C:\Documents and Settings\jonm.MCLEOD\Application Data
    2007-11-21 16:02:11 1056768 --a------ C:\WINDOWS\ROBOEX32.DLL <Not Verified; Blue Sky Software Corporation.; RoboHELP Classic 2000>
    2007-11-21 16:02:11 49152 --a------ C:\WINDOWS\INETWH32.dll <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
    2007-11-21 16:02:11 26832 --a------ C:\WINDOWS\CTL3DV2.DLL <Not Verified; Microsoft Corporation; 3D Windows Control>
    2007-11-21 15:15:03 251664 --a------ C:\WINDOWS\system32\msrd2x35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-11-21 15:15:02 368912 --a------ C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
    2007-11-21 15:15:02 24336 --a------ C:\WINDOWS\system32\msjter35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-11-21 15:15:02 37136 --a------ C:\WINDOWS\system32\msjint35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-11-21 15:15:02 1039360 --a------ C:\WINDOWS\system32\msjet35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-11-21 15:15:01 76288 --a------ C:\WINDOWS\system32\ssfm1032.dll <Not Verified; Sheridan Software Systems, Inc; Sheridan Software Systems, Inc>
    2007-11-21 13:49:33 0 d-------- C:\WINDOWS\system32\QuickTime
    2007-11-21 13:47:33 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Macromedia
    2007-11-21 13:28:19 49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
    2007-11-21 13:28:19 45056 --a------ C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
    2007-11-21 13:28:19 0 d-------- C:\Program Files\Analog Devices
    2007-11-21 10:59:55 0 d-------- C:\drvrtmp
    2007-11-21 10:37:44 16384 --a------ C:\WINDOWS\system32\FileOps.exe
    2007-11-21 10:33:00 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
    2007-11-21 10:28:48 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
    2007-11-19 11:55:03 0 d-------- C:\WINDOWS\Prefetch
    2007-11-19 11:55:01 262144 --ah----- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
    2007-11-19 11:55:01 0 d--h----- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings
    2007-11-19 11:55:01 0 d--hs---- C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies
    2007-11-19 11:55:01 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data
    2007-11-19 11:55:01 0 d---s---- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Microsoft
    2007-11-19 11:54:49 0 d--h----- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings
    2007-11-19 11:54:49 0 d---s---- C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies
    2007-11-19 11:54:49 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data
    2007-11-19 11:54:49 0 d---s---- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Microsoft
    2007-11-19 11:54:48 262144 --ah----- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
    2007-11-19 11:43:05 225280 ---h----- C:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT
    2007-11-19 11:41:01 0 d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
    2007-11-19 11:38:41 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2007-11-19 04:27:39 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Templates
    2007-11-19 04:27:39 0 dr------- C:\Documents and Settings\Default User.WINDOWS\Start Menu
    2007-11-19 04:27:39 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\SendTo
    2007-11-19 04:27:39 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Recent
    2007-11-19 04:27:39 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\PrintHood
    2007-11-19 04:27:39 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\NetHood
    2007-11-19 04:27:39 0 d-------- C:\Documents and Settings\Default User.WINDOWS\My Documents
    2007-11-19 04:27:39 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Local Settings
    2007-11-19 04:27:39 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Favorites
    2007-11-19 04:27:39 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Desktop
    2007-11-19 04:27:39 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Cookies
    2007-11-19 04:27:39 0 d--h----- C:\Documents and Settings\All Users.WINDOWS\Templates
    2007-11-19 04:27:39 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Start Menu
    2007-11-19 04:27:39 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Favorites
    2007-11-19 04:27:39 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
    2007-11-19 04:27:39 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Desktop
    2007-11-19 04:27:19 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Application Data
    2007-11-19 04:27:19 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft
    2007-11-19 04:27:19 0 dr-h----- C:\Documents and Settings\All Users.WINDOWS\Application Data
    2007-11-19 04:27:19 0 d---s---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
    2007-11-16 13:23:12 0 d-------- C:\WINDOWS\dell
    2007-11-14 16:50:51 0 d-------- C:\Program Files\MalwareAlarm
    2007-11-14 16:50:42 1147424 --a------ C:\Install
    2007-11-14 16:50:36 0 d-------- C:\Program Files\hwlixcpo
    2007-11-14 16:20:20 0 d-------- C:\Program Files\Jauithiq
    2007-11-14 14:36:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
    2007-11-14 13:54:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-14 12:02:00 0 dr-h----- C:\Documents and Settings\administrator.MCLEOD\Recent
    2007-11-14 10:00:14 0 d-------- C:\WINDOWS\system32\ActiveScan
    2007-11-14 09:40:37 0 d-------- C:\Documents and Settings\administrator.MCLEOD\Application Data\Macromedia
    2007-11-14 09:37:36 0 d-------- C:\Documents and Settings\administrator.MCLEOD\.housecall6.6
    2007-11-14 09:19:51 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-13 20:01:06 0 d-------- C:\7cb8a1ec8fc6637b11e1e9d9b5
    2007-11-13 15:26:11 11776 --a------ C:\d.exe
    2007-11-13 15:25:50 2 --a------ C:\1758710980
    2007-11-13 15:24:13 0 d-------- C:\WINDOWS\system32\fibagbia
    2007-11-13 15:24:09 0 d-------- C:\Program Files\SecCenter
    2007-11-13 15:24:07 0 d-------- C:\Program Files\Cptjvypu
    2007-11-13 15:24:00 0 d-------- C:\Program Files\hcjmvsfo
    2007-11-13 15:12:48 0 d-------- C:\Program Files\Aglare Mp4 to AVI Converter


    -- Find3M Report ---------------------------------------------------------------

    2007-12-03 13:58:52 0 d-------- C:\Program Files\Microsoft IntelliPoint
    2007-11-30 14:35:48 0 d-------- C:\Program Files\HP
    2007-11-26 14:39:00 0 d-------- C:\Program Files\Spark
    2007-11-21 15:42:39 0 d-------- C:\Program Files\Common Files\Cognos Shared
    2007-11-21 15:42:35 0 d-------- C:\Program Files\Cognos
    2007-11-21 13:42:28 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-11-19 11:39:33 0 d-------- C:\Program Files\Movie Maker
    2007-11-19 11:38:04 0 d-------- C:\Program Files\Messenger
    2007-11-19 11:37:57 0 d-------- C:\Program Files\Windows NT
    2007-11-15 17:57:23 0 d-a------ C:\Program Files\Common Files
    2007-11-02 16:12:19 0 d-------- C:\Program Files\Free WMA to MP3 Converter
    2007-10-22 14:41:33 0 d-------- C:\Program Files\McLeod Software
    2007-10-09 13:49:06 0 d-------- C:\Program Files\MP4 Player


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [04/04/2005 05:58 PM]
    "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [12/14/2004 01:12 AM]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [05/15/2003 05:41 PM]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [06/25/2003 11:24 AM]
    "DXDllRegExe"="dxdllreg.exe" []
    "BDMCon"="C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe" [03/22/2007 08:44 PM]
    "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [03/26/2007 03:49 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]

    C:\Documents and Settings\jonm.MCLEOD\Start Menu\Programs\Startup\
    procexp.exe [2/22/2006 3:31:46 PM]

    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [11/21/2007 10:40:56 AM]
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [4/19/2004 2:15:07 PM]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [7/7/2003 12:20:40 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "disablecad"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoWindowsUpdate"=1 (0x1)
    "ForceStartMenuLogOff"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=sockspy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
    "Script"=adminpassword.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\Scripts\Logon\0\0]
    "Script"=xdrivemapping.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\Scripts\Logon\1\0]
    "Script"=xdrivemapping.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\Scripts\Logon\0\0]
    "Script"=xdrivemapping.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\Scripts\Logon\1\0]
    "Script"=xdrivemapping.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^jonm.MCLEOD^Start Menu^Programs^Startup^procexp.exe]
    path=C:\Documents and Settings\jonm.MCLEOD\Start Menu\Programs\Startup\procexp.exe
    backup=C:\WINDOWS\pss\procexp.exeStartup



    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34bbc0f8-9c38-11dc-983f-000d562a9282}]
    AutoRun\command- G:\PortableVault.exe

    *Newly Created Service* - BDFDLL
    *Newly Created Service* - BDFSDRV
    *Newly Created Service* - BDLM
    *Newly Created Service* - BDRSDRV
    *Newly Created Service* - BDSS
    *Newly Created Service* - LIVESRV
    *Newly Created Service* - VSSERV
    *Newly Created Service* - XCOMM



    -- Hosts -----------------------------------------------------------------------

    192.168.250.227 www.covington.com


    -- End of Deckard's System Scanner: finished at 2007-12-07 14:03:48 ------------


    MT
     
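    An added example from the editor, not part of mtaffer's post and not code from HijackThis or Deckard's System Scanner: a small Python triage pass over a HijackThis-style log. It parses the "Running processes" block and the O1/O4/O20/O23 entries and returns the items a log reviewer reads first: a process or autostart living under a browser cache or temp directory, an O4 Run value with no full path (resolved by PATH search at logon), any non-empty AppInit_DLLs value (loaded into every process that maps user32.dll), a hosts-file override, and a service whose binary carries no company name. The directory list and the rules are the editor's assumptions, and the hits are review prompts rather than verdicts: in this thread the dss[1].exe under Temporary Internet Files is the scanner the poster had just downloaded and run. The sample lines are a subset copied from the log above.

```python
"""Heuristic triage of a HijackThis-style log (added example, not part of
the original post; not code from HijackThis or Deckard's System Scanner).
The rules in SUSPECT_DIRS and triage() are the editor's assumptions."""
import re
from dataclasses import dataclass

# Directories from which a long-running process or autostart entry is
# unusual enough to deserve a look (assumed list, lower-case substrings).
SUSPECT_DIRS = (
    "\\temporary internet files\\",
    "\\local settings\\temp\\",
    "\\windows\\temp\\",
    "\\recycler\\",
)

@dataclass(frozen=True)
class Finding:
    kind: str    # "process" or the HijackThis section, e.g. "O20"
    item: str    # the log line the finding refers to
    reason: str  # why a reviewer should look at it

WIN_PATH = re.compile(r"^[A-Za-z]:\\")
O_ENTRY = re.compile(r"^(O\d+)\s+-\s+(.*)$")
O4_RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run:\s*\[[^\]]*\]\s*(?P<cmd>.+)$")
O23_SVC = re.compile(r"^Service:\s+(?P<name>.+?)\s+-\s+(?P<owner>.+?)\s+-\s+(?P<path>.+)$")

def in_suspect_dir(path):
    p = path.lower()
    return any(d in p for d in SUSPECT_DIRS)

def executable_of(cmd):
    """Program part of an O4 command line: the quoted token or the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""

def triage(lines):
    """Return a list of Finding for the log lines worth a reviewer's attention."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if WIN_PATH.match(line):  # a 'Running processes' entry
            if in_suspect_dir(line):
                findings.append(Finding("process", line,
                    "running from a browser cache or temp directory"))
            continue
        m = O_ENTRY.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section == "O1":
            findings.append(Finding("O1", line,
                "hosts file overrides DNS for this name; confirm it is intended"))
        elif section == "O4":
            r = O4_RUN.match(body)
            if r:
                exe = executable_of(r.group("cmd"))
                if "\\" not in exe:
                    findings.append(Finding("O4", line,
                        "autostart without a full path; resolved by PATH search at logon"))
                elif in_suspect_dir(exe):
                    findings.append(Finding("O4", line,
                        "autostart from a browser cache or temp directory"))
        elif section == "O20" and body.lower().startswith("appinit_dlls:"):
            value = body.split(":", 1)[1].strip()
            if value:
                findings.append(Finding("O20", line,
                    f"AppInit_DLLs loads {value} into every process that maps user32.dll"))
        elif section == "O23":
            s = O23_SVC.match(body)
            if s and s.group("owner").lower() == "unknown owner":
                findings.append(Finding("O23", line,
                    "service binary has no company name in its version resource"))
    return findings

# Lines copied from the log posted in this thread (a subset, not a full log).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Documents and Settings\jonm.MCLEOD\Local Settings\Temporary Internet Files\Content.IE5\FR9D0U8U\dss[1].exe
O1 - Hosts: 192.168.250.227 www.covington.com
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: sockspy.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
"""

def triage_sample():
    return triage(SAMPLE_LOG.splitlines())

if __name__ == "__main__":
    for f in triage_sample():
        print(f"[{f.kind}] {f.item}\n    -> {f.reason}")
```

    Run it as-is to see the five hits from the sample, or feed `triage()` the lines of a full log. Entries with a full path under Program Files or system32 and a named owner pass silently; that is deliberate, since the point of the pass is to shorten the list a human reads, not to replace the human.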
  9. 2007/12/07
    mtaffer

    extra text

    Here is the extra.txt file

    Here is the extra text

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
    Percentage of Memory in Use: 80%
    Physical Memory (total/avail): 1022.98 MiB / 195.77 MiB
    Pagefile Memory (total/avail): 2461.57 MiB / 1477.77 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1901.52 MiB

    C: is Fixed (NTFS) - 74.46 GiB total, 8.23 GiB free.
    D: is CDROM (No Media)
    E: is CDROM (No Media)
    V: is Network (NTFS)
    X: is Network (NTFS)

    \\.\PHYSICALDRIVE0 - ST380011A - 74.5 GiB - 2 partitions
    \PARTITION0 - Unknown - 39.19 MiB
    \PARTITION1 (bootable) - Installable File System - 74.46 GiB - C:



    -- Security Center -------------------------------------------------------------

    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.

    FW: Bitdefender Firewall v8.0 (Softwin) Disabled
    AV: Bitdefender Antivirus v8.0 (Softwin) Disabled

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe:*:Enabled:Dreamweaver 8"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"="C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
    APPDATA=C:\Documents and Settings\jonm.MCLEOD\Application Data
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=WBHMDSK115
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\jonm.MCLEOD
    LOGONSERVER=\\BHMAD2
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0209
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\JONM~1.MCL\LOCALS~1\Temp
    TMP=C:\DOCUME~1\JONM~1.MCL\LOCALS~1\Temp
    USERDNSDOMAIN=TMSCORP.COM
    USERDOMAIN=MCLEOD
    USERNAME=jonm
    USERPROFILE=C:\Documents and Settings\jonm.MCLEOD
    WecVersionForRosebud.10C=2
    WecVersionForRosebud.A28=2
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    tmscorp.MCLEOD-CE3973C5 (admin)
    Administrator.WBHMDSK115 (new local, admin)
    jonm.MCLEOD (admin)
    Administrator.MCLEOD.000 (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
    --> msiexec /i {46548E80-0409-0000-7E8A-45000F855001}
    --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
    --> msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
    Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
    Adobe Creative Suite 2 --> C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=d:\adobe creative suite 2.0/lang=0809
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
    Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
    Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
    Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    BitDefender Antivirus Plus v10 --> MsiExec.exe /I{22524CA1-515C-4153-9807-52AE65F73B5F}
    Cognos EP Series 7 --> "C:\Program Files\Common Files\Cognos Shared\cer2\Uninstall\uninst.exe" /u "C:\Program Files\Common Files\Cognos Shared\cer2\Uninstall\uninst.ini"
    Cognos Series 7 Version 4 --> "C:\Program Files\Common Files\Cognos Shared\cer5\Uninstall\uninst.exe" -u "C:\Program Files\Common Files\Cognos Shared\cer5\Uninstall\uninst.ini"
    Cognos Windows Common Logon Server --> "C:\Program Files\Common Files\Cognos Shared\commonlogon\Uninstall\uninst.exe" -u "C:\Program Files\Common Files\Cognos Shared\commonlogon\Uninstall\uninst.ini"
    HijackThis 1.99.1 --> C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe /uninstall
    HP Driver Diagnostics --> MsiExec.exe /I{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}
    HP Photo & Imaging 3.1 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP Software Update --> MsiExec.exe /X{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}
    Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
    Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    Macromedia Contribute 3.11 --> MsiExec.exe /I{4B9535BF-CC90-4158-AF32-CAF57A8820CA}
    Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
    Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
    Macromedia Fireworks 8 --> MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
    Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
    Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
    Macromedia Flash Player 8 --> MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
    Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
    Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
    MetaFrame Presentation Server Web Client for Win32 --> C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
    Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Visio Viewer 2003 (English) --> MsiExec.exe /I{90520409-6000-11D3-8CFE-0150048383C9}
    Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
    SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
    Spark --> MsiExec.exe /I{783E2201-8AC7-44F1-9418-F732A6B96F82}
    Suite Specific --> MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
    The National Motor Carrier Directory --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5DE4E77-3DD0-444F-A87B-7D18438BAD1C}\setup.exe"
    Ulead Drop Spot 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BCC5640-5360-11D4-A44A-0000E86D2305}\setup.exe"
    Ulead PhotoImpact 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0F02CE0-491C-11D4-A44A-0000E86D2305}\setup.exe"


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type521 / Error
    Event Submitted/Written: 12/07/2007 01:05:31 PM
    Event ID/Source: 1030 / Userenv
    Event Description:
    Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.

    Event Record #/Type520 / Error
    Event Submitted/Written: 12/07/2007 11:33:30 AM
    Event ID/Source: 1030 / Userenv
    Event Description:
    Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.

    Event Record #/Type517 / Error
    Event Submitted/Written: 12/07/2007 08:14:27 AM
    Event ID/Source: 1030 / Userenv
    Event Description:
    Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.

    Event Record #/Type516 / Error
    Event Submitted/Written: 12/07/2007 06:38:26 AM
    Event ID/Source: 1030 / Userenv
    Event Description:
    Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.

    Event Record #/Type515 / Error
    Event Submitted/Written: 12/07/2007 04:54:25 AM
    Event ID/Source: 1030 / Userenv
    Event Description:
    Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type2510 / Warning
    Event Submitted/Written: 12/07/2007 01:05:31 PM
    Event ID/Source: 8193 / LSASRV
    Event Description:
    The Security System could not establish a secured connection with the server ldap/bhmad2.tmscorp.com/tmscorp.com@tmscorp.com. No authentication protocol was available.

    Event Record #/Type2499 / Warning
    Event Submitted/Written: 12/07/2007 11:33:30 AM
    Event ID/Source: 8193 / LSASRV
    Event Description:
    The Security System could not establish a secured connection with the server ldap/bhmad2.tmscorp.com/tmscorp.com@tmscorp.com. No authentication protocol was available.

    Event Record #/Type2476 / Warning
    Event Submitted/Written: 12/07/2007 08:14:27 AM
    Event ID/Source: 8193 / LSASRV
    Event Description:
    The Security System could not establish a secured connection with the server ldap/bhmad2.tmscorp.com/tmscorp.com@tmscorp.com. No authentication protocol was available.

    Event Record #/Type2475 / Warning
    Event Submitted/Written: 12/07/2007 06:38:26 AM
    Event ID/Source: 8193 / LSASRV
    Event Description:
    The Security System could not establish a secured connection with the server ldap/bhmad2.tmscorp.com/tmscorp.com@tmscorp.com. No authentication protocol was available.

    Event Record #/Type2464 / Warning
    Event Submitted/Written: 12/07/2007 04:54:25 AM
    Event ID/Source: 8193 / LSASRV
    Event Description:
    The Security System could not establish a secured connection with the server ldap/bhmad2.tmscorp.com/tmscorp.com@tmscorp.com. No authentication protocol was available.



    -- End of Deckard's System Scanner: finished at 2007-12-07 14:03:48 ------------

    MT:)
     
  10. 2007/12/08
    Geri

    Hi mtaffer

    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

    Geri
     
  11. 2007/12/10
    mtaffer
    latest log

    Thanks again,

    ComboFix removed a few files; here is the log:

    ComboFix 07-12-09.1 - jonm 2007-12-10 10:11:58.1 - NTFSx86
    Running from: C:\Documents and Settings\jonm.MCLEOD\Desktop\ComboFix.exe
    .
    The following files were disabled during the run:
    C:\WINDOWS\system32\sockspy.dll


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\d.exe
    C:\Documents and Settings\jonm\g2mdlhlpx.exe
    C:\Program Files\Cptjvypu
    C:\Program Files\Cptjvypu\yvehmaen.dll
    C:\Program Files\Jauithiq
    C:\Program Files\Jauithiq\zpdhlyfk.dll
    C:\Program Files\SecCenter
    C:\WINDOWS\system32\Cache

    .
    ((((((((((((((((((((((((( Files Created from 2007-11-10 to 2007-12-10 )))))))))))))))))))))))))))))))
    .

    2007-12-07 13:58 . 2007-12-07 13:58 <DIR> d-------- C:\Deckard
    2007-12-06 11:58 . 2007-12-06 11:58 <DIR> d-------- C:\VundoFix Backups
    2007-12-03 10:59 . 2007-12-03 11:12 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
    2007-12-03 10:59 . 2007-12-03 11:12 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
    2007-12-03 10:59 . 2007-12-03 11:12 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
    2007-12-03 08:53 . 2007-12-03 08:53 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
    2007-12-03 08:52 . 2007-12-03 08:52 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
    2007-11-30 17:16 . 2007-11-30 17:16 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Bitdefender
    2007-11-30 16:07 . 2007-12-10 10:29 81,984 --a------ C:\WINDOWS\SYSTEM32\bdod.bin
    2007-11-30 16:02 . 2007-11-30 16:02 <DIR> d-------- C:\Documents and Settings\Administrator.MCLEOD.000\Application Data\Bitdefender
    2007-11-30 16:01 . 2007-11-30 16:02 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\BitDefender
    2007-11-30 16:00 . 2007-12-07 14:02 <DIR> d-------- C:\Program Files\Hijack This
    2007-11-30 14:35 . 2007-11-30 14:36 <DIR> d-------- C:\temp\FixEngine
    2007-11-28 17:01 . 2003-06-23 10:44 626,960 -ra------ C:\WINDOWS\SYSTEM32\hpvaut32.dll
    2007-11-28 17:01 . 2003-06-23 10:44 487,424 -ra------ C:\WINDOWS\SYSTEM32\hpvcp70.dll
    2007-11-28 17:01 . 2003-06-23 10:44 344,064 -ra------ C:\WINDOWS\SYSTEM32\hpvcr70.dll
    2007-11-28 17:01 . 2003-06-23 10:44 44,544 -ra------ C:\WINDOWS\SYSTEM32\MSXML4a.dll
    2007-11-28 15:09 . 2003-08-11 02:07 34,468 --------- C:\WINDOWS\hpomdl03.dat.temp
    2007-11-28 15:09 . 2007-11-27 11:00 28,922 --------- C:\WINDOWS\hpoins03.dat.temp
    2007-11-28 08:23 . 2007-11-28 08:23 <DIR> d-------- C:\Documents and Settings\JONM~1~MCL\LOCALS~1
    2007-11-27 16:20 . 2007-12-08 14:53 146 --a------ C:\WINDOWS\Anita.INI
    2007-11-27 10:56 . 2007-11-27 10:56 43,488 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AFS2K.SYS
    2007-11-26 14:39 . 2007-12-07 13:53 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\Spark
    2007-11-26 14:28 . 2007-04-25 02:41 6,058,496 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
    2007-11-26 14:28 . 2007-04-17 03:28 2,455,488 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
    2007-11-26 14:28 . 2007-02-09 07:26 991,232 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
    2007-11-26 14:28 . 2007-04-25 02:41 459,264 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
    2007-11-26 14:28 . 2007-04-25 02:41 383,488 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
    2007-11-26 14:28 . 2007-04-25 02:41 267,776 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
    2007-11-26 14:28 . 2007-04-25 02:41 52,224 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
    2007-11-26 14:28 . 2007-04-24 08:26 13,824 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
    2007-11-26 13:14 . 2006-12-19 10:51 2,182,016 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ntoskrnl.exe
    2007-11-26 13:14 . 2006-12-19 10:49 2,137,600 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlmp.exe
    2007-11-26 13:14 . 2006-12-19 10:12 2,059,392 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlpa.exe
    2007-11-26 13:14 . 2006-12-19 10:12 2,017,280 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrpamp.exe
    2007-11-26 11:08 . 2007-11-26 11:12 <DIR> d-------- C:\Share
    2007-11-26 10:32 . 2007-11-26 10:32 <DIR> d--hs---- C:\Documents and Settings\jonm.MCLEOD\UserData
    2007-11-26 10:10 . 2007-11-26 10:10 <DIR> d--h----- C:\Documents and Settings\jonm.MCLEOD\InstallAnywhere
    2007-11-26 10:04 . 2007-11-26 10:04 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\Citrix
    2007-11-26 10:03 . 2007-11-26 10:03 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Imagenomic
    2007-11-26 10:03 . 2007-11-26 10:03 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\ICAClient
    2007-11-26 10:03 . 2007-11-26 10:03 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\HP
    2007-11-26 10:03 . 2007-11-26 10:03 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\dvdcss
    2007-11-26 10:03 . 2007-11-26 10:03 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\CyberLink
    2007-11-26 10:03 . 2007-11-26 10:03 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Cognos
    2007-11-26 10:03 . 2007-11-26 10:03 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Ardamax Software
    2007-11-26 10:03 . 2007-11-26 10:03 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Apple Computer
    2007-11-26 10:03 . 2007-11-26 10:03 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Alien Skin
    2007-11-26 10:03 . 2007-11-26 10:03 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Aladdin Systems
    2007-11-26 10:03 . 2007-11-26 10:03 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Ahead
    2007-11-26 10:03 . 2007-11-26 10:03 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\AdobeUM
    2007-11-26 10:03 . 2007-11-26 10:03 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\AdobeAUM
    2007-11-26 10:01 . 2007-11-26 10:01 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\SmartDraw
    2007-11-26 10:01 . 2007-11-26 10:01 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Skype
    2007-11-26 10:01 . 2007-11-26 10:01 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Roxio
    2007-11-26 10:01 . 2007-11-26 10:01 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\OurPictures
    2007-11-26 10:01 . 2007-11-26 10:01 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\NeroVision
    2007-11-26 10:01 . 2007-11-26 10:01 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\MSN6
    2007-11-26 10:00 . 2007-11-26 10:00 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\webex
    2007-11-26 10:00 . 2007-11-26 10:00 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\Application Data\Ulead Systems
    2007-11-26 10:00 . 2007-11-26 10:00 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\.sslexplorer
    2007-11-26 10:00 . 2007-11-26 10:00 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\.primetime2006
    2007-11-26 10:00 . 2007-11-26 10:00 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\.mcleod
    2007-11-26 10:00 . 2007-11-26 10:00 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\.jmf
    2007-11-26 10:00 . 2007-11-26 10:00 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\.jbuilder2006
    2007-11-26 10:00 . 2007-11-26 10:00 <DIR> d--h----- C:\Documents and Settings\jonm.MCLEOD\.diotkzr115
    2007-11-26 10:00 . 2007-11-26 10:00 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\.borland
    2007-11-26 10:00 . 2007-11-26 10:00 <DIR> d-------- C:\Documents and Settings\jonm.MCLEOD\.bmc60
    2007-11-26 09:54 . 2003-08-11 02:07 278,528 --a------ C:\WINDOWS\SYSTEM32\hpdjaio
    2007-11-26 09:30 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys
    2007-11-26 09:30 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\usbscan.sys
    2007-11-21 17:34 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
    2007-11-21 16:55 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\SYSTEM32\hidserv.dll
    2007-11-21 16:55 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\hidserv.dll
    2007-11-21 16:55 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mouhid.sys
    2007-11-21 16:55 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\mouhid.sys
    2007-11-21 16:53 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys
    2007-11-21 16:50 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys
    2007-11-21 16:50 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\usbccgp.sys
    2007-11-21 16:02 . 1999-10-15 12:50 1,056,768 --a------ C:\WINDOWS\ROBOEX32.DLL
    2007-11-21 16:02 . 1999-01-28 15:44 49,152 --a------ C:\WINDOWS\INETWH32.dll
    2007-11-21 16:02 . 1995-07-20 00:00 26,832 --a------ C:\WINDOWS\CTL3DV2.DLL
    2007-11-21 16:01 . 2007-11-27 15:04 4,848 --a------ C:\WINDOWS\ULEAD32.INI
    2007-11-21 15:14 . 2002-05-05 22:21 448,512 --a------ C:\WINDOWS\SYSTEM32\FlyTreeXCtrl.ocx
    2007-11-21 15:14 . 2002-05-05 22:17 415,176 --a------ C:\WINDOWS\SYSTEM32\comct332.ocx
    2007-11-21 15:14 . 2002-05-05 22:17 244,416 --a------ C:\WINDOWS\SYSTEM32\msflxgrd.ocx
    2007-11-21 15:14 . 2002-05-05 22:17 203,976 --a------ C:\WINDOWS\SYSTEM32\richtx32.ocx
    2007-11-21 15:11 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\SYSTEM32\mdimon.dll
    2007-11-21 14:02 . 2007-11-26 10:52 376 --a------ C:\WINDOWS\ODBC.INI
    2007-11-21 13:49 . 2007-11-21 13:49 <DIR> d-------- C:\WINDOWS\SYSTEM32\QuickTime
    2007-11-21 13:28 . 2007-11-21 13:28 <DIR> d-------- C:\Program Files\Analog Devices
    2007-11-21 10:59 . 2007-11-21 11:00 <DIR> d-------- C:\drvrtmp
    2007-11-21 10:59 . 2007-11-21 10:59 <DIR> d-------- C:\Documents and Settings\TMSCOR~1~MCL\LOCALS~1
    2007-11-21 10:59 . 2003-02-11 09:58 126,976 --a------ C:\WINDOWS\SYSTEM32\e1000msg.dll
    2007-11-21 10:59 . 2003-07-11 10:58 121,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\e1000325.sys
    2007-11-21 10:59 . 2003-07-11 12:15 118,784 --a------ C:\WINDOWS\SYSTEM32\Prounstl.exe
    2007-11-21 10:59 . 2002-12-29 05:00 24,064 --a------ C:\WINDOWS\SYSTEM32\IntelNic.dll
    2007-11-21 10:59 . 2002-09-03 02:34 2,725 -ra------ C:\WINDOWS\SYSTEM32\e1000325.din
    2007-11-21 10:58 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\usbstor.sys
    2007-11-21 10:37 . 2004-08-16 19:40 16,384 --a------ C:\WINDOWS\SYSTEM32\FileOps.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-03 19:58 --------- d-----w C:\Program Files\Microsoft IntelliPoint
    2007-11-30 20:35 --------- d-----w C:\Program Files\HP
    2007-11-26 20:39 --------- d-----w C:\Program Files\Spark
    2007-11-21 21:42 --------- d-----w C:\Program Files\Common Files\Cognos Shared
    2007-11-21 21:42 --------- d-----w C:\Program Files\Cognos
    2007-11-21 19:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-13 22:57 --------- d-----w C:\Documents and Settings\jonm\Application Data\AdobeUM
    2007-11-02 22:12 --------- d-----w C:\Program Files\Free WMA to MP3 Converter
    2007-10-22 20:41 --------- d-----w C:\Program Files\McLeod Software
    2005-08-23 22:18 2,384 ----a-w C:\Program Files\uninstalcwp2.log
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 17:58]
    "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 01:12]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 17:41]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]
    "DXDllRegExe"="dxdllreg.exe" []
    "BDMCon"="C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe" [2007-11-30 17:03]
    "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49]

    C:\Documents and Settings\jonm\Start Menu\Programs\Startup\
    PANTONE(R) colorist.lnk - C:\Program Files\Pantone, Inc\PANTONE(R) colorist\PANTONE(R) colorist.exe [2003-10-28 10:25:37]

    C:\Documents and Settings\jonm.MCLEOD\Start Menu\Programs\Startup\
    procexp.exe [2006-02-22 15:31:46]

    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-11-21 10:40:56]
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-04-19 14:15:07]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 00:20:40]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "disablecad"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceStartMenuLogOff"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\0]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\1]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\2]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\3]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\4]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\5]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\6]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\7]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\0]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\1]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\2]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\3]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\4]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
    "Script"=adminpassword.bat
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1202660629-1580818891-725345543-1003]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1202660629-1580818891-725345543-1003\Extension-List]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1202660629-1580818891-725345543-1003\Extension-List\{00000000-0000-0000-0000-000000000000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1202660629-1580818891-725345543-1003\GPLink-List]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1202660629-1580818891-725345543-1003\GPLink-List\0]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1202660629-1580818891-725345543-1003\GPO-List]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1202660629-1580818891-725345543-1003\GPO-List\0]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1202660629-1580818891-725345543-1003\Loopback-GPLink-List]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1202660629-1580818891-725345543-1003\Loopback-GPO-List]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1202660629-1580818891-725345543-500]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1202660629-1580818891-725345543-500\Extension-List]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1202660629-1580818891-725345543-500\Extension-List\{00000000-0000-0000-0000-000000000000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1202660629-1580818891-725345543-500\GPLink-List]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1202660629-1580818891-725345543-500\GPLink-List\0]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1202660629-1580818891-725345543-500\GPO-List]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1202660629-1580818891-725345543-500\GPO-List\0]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1202660629-1580818891-725345543-500\Loopback-GPLink-List]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1202660629-1580818891-725345543-500\Loopback-GPO-List]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\Extension-List]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\Extension-List\{00000000-0000-0000-0000-000000000000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\GPLink-List]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\GPLink-List\0]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\GPLink-List\1]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\GPLink-List\2]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\GPLink-List\3]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\GPLink-List\4]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\GPO-List]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\GPO-List\0]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\GPO-List\1]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\GPO-List\2]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\Loopback-GPLink-List]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\Loopback-GPLink-List\0]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\Loopback-GPLink-List\1]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\Loopback-GPLink-List\2]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\Loopback-GPLink-List\3]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\Loopback-GPLink-List\4]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\Loopback-GPLink-List\5]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\Loopback-GPLink-List\6]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\Loopback-GPLink-List\7]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\Loopback-GPO-List]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\Loopback-GPO-List\0]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\Loopback-GPO-List\1]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\Loopback-GPO-List\2]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\Loopback-GPO-List\3]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\Loopback-GPO-List\4]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\Loopback-GPO-List\5]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\Scripts]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\Scripts\Logoff]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\Scripts\Logon]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\Scripts\Logon\0]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\Scripts\Logon\0\0]
    "Script "=xdrivemapping.bat
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\Scripts\Logon\1]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-1148\Scripts\Logon\1\0]
    "Script "=xdrivemapping.bat
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\Extension-List]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\Extension-List\{00000000-0000-0000-0000-000000000000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\GPLink-List]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\GPLink-List\0]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\GPLink-List\1]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\GPLink-List\2]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\GPO-List]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\GPO-List\0]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\GPO-List\1]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\GPO-List\2]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\Loopback-GPLink-List]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\Loopback-GPLink-List\0]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\Loopback-GPLink-List\1]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\Loopback-GPLink-List\2]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\Loopback-GPLink-List\3]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\Loopback-GPLink-List\4]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\Loopback-GPLink-List\5]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\Loopback-GPLink-List\6]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\Loopback-GPLink-List\7]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\Loopback-GPO-List]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\Loopback-GPO-List\0]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\Loopback-GPO-List\1]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\Loopback-GPO-List\2]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\Loopback-GPO-List\3]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\Loopback-GPO-List\4]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\Loopback-GPO-List\5]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\Loopback-GPO-List\6]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\Loopback-GPO-List\7]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\Scripts]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\Scripts\Logoff]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\Scripts\Logon]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\Scripts\Logon\0]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\Scripts\Logon\0\0]
    "Script "=xdrivemapping.bat
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\Scripts\Logon\1]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-606747145-630328440-1801674531-500\Scripts\Logon\1\0]
    "Script "=xdrivemapping.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^jonm.MCLEOD^Start Menu^Programs^Startup^procexp.exe]
    path=C:\Documents and Settings\jonm.MCLEOD\Start Menu\Programs\Startup\procexp.exe
    backup=C:\WINDOWS\pss\procexp.exeStartup

    R2 BDLM;BitDefender Local Manager;C:\Program Files\Common Files\Softwin\BitDefender Local Manager\bdlm.exe /service

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34bbc0f8-9c38-11dc-983f-000d562a9282}]
    \Shell\AutoRun\command - G:\PortableVault.exe

    *Newly Created Service* - BDPREDIR
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-27 17:01:02 C:\WINDOWS\Tasks\WebReg 20071127110100.job "
    - C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exeX/TaskName 20071127110100 /N
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
    -> C:\DOCUME~1\JONM~1.MCL\LOCALS~1\Temp\mislldxy15.dll
    .
    **************************************************************************

    catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-10 10:32:41
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-12-10 10:35:11 - machine was rebooted
    .
    --- E O F ---


    Hijack this in next post
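    As an added example (not part of mtaffer's post and not ComboFix's own code), the script below pulls out of a ComboFix-style excerpt like the one above the three items a reviewer would want to look at first: the MountPoints2 AutoRun command (Explorer runs G:\PortableVault.exe when that volume is double-clicked), a DLL loaded into Explorer from a per-user Temp folder, and the service marked as newly created. The sample text is a constructed cut-down of the log above with one benign module line (shell32.dll) added; the parsing covers only the line shapes that appear there.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the ComboFix excerpt above: a registry
# key/value dump, a MountPoints2 entry, the new-service marker and the
# "DLLs Loaded Under Running Processes" section (one benign module added).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^jonm.MCLEOD^Start Menu^Programs^Startup^procexp.exe]
path=C:\Documents and Settings\jonm.MCLEOD\Start Menu\Programs\Startup\procexp.exe
backup=C:\WINDOWS\pss\procexp.exeStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34bbc0f8-9c38-11dc-983f-000d562a9282}]
\Shell\AutoRun\command - G:\PortableVault.exe

*Newly Created Service* - BDPREDIR
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\DOCUME~1\JONM~1.MCL\LOCALS~1\Temp\mislldxy15.dll
-> C:\WINDOWS\system32\shell32.dll
.
"""

# Per-user temp folders as they appear in 8.3 and long form on Windows XP
TEMP_DIR_RE = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)
# A MountPoints2 subkey: one GUID per volume Explorer has seen
MOUNTPOINT_RE = re.compile(r"\\explorer\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.IGNORECASE)


def parse_loaded_dlls(lines):
    """Map each PROCESS: path to the module paths listed under it."""
    loaded = defaultdict(list)
    current, in_section = None, False
    for line in lines:
        s = line.strip()
        if "DLLs Loaded Under Running Processes" in s:
            in_section = True
            continue
        if not in_section:
            continue
        if s.startswith("PROCESS:"):
            # "PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]" -> drop the version
            current = s[len("PROCESS:"):].split(" [", 1)[0].strip()
        elif s.startswith("->") and current:
            loaded[current].append(s[2:].strip())
        elif s.startswith("****"):  # banner of the next section (catchme)
            break
    return dict(loaded)


def find_autorun_mountpoints(lines):
    """Return (guid, command) for every MountPoints2 key carrying an
    AutoRun command; Explorer runs it when that volume is double-clicked."""
    found, current_guid = [], None
    for line in lines:
        s = line.strip()
        if s.startswith("["):
            m = MOUNTPOINT_RE.search(s)
            current_guid = m.group(1) if m else None
            continue
        if current_guid and s.lower().startswith(r"\shell\autorun\command"):
            cmd = s.split(" - ", 1)[1].strip() if " - " in s else s
            found.append((current_guid, cmd))
    return found


def find_new_services(lines):
    """Service names ComboFix marked as created during its run."""
    return [s.strip().split(" - ", 1)[1].strip()
            for s in lines if s.strip().startswith("*Newly Created Service*")]


def triage(text):
    """Return (kind, detail) findings a reviewer should follow up on."""
    lines = text.splitlines()
    findings = []
    for guid, cmd in find_autorun_mountpoints(lines):
        findings.append(("autorun", f"MountPoints2 {guid} launches {cmd} when that volume is opened"))
    for proc, mods in parse_loaded_dlls(lines).items():
        for mod in mods:
            if TEMP_DIR_RE.search(mod):
                findings.append(("temp-dll", f"{proc} has {mod} loaded from a user Temp directory"))
    for svc in find_new_services(lines):
        findings.append(("new-service", f"service {svc} was created during the run; check its binary path"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"[{kind}] {detail}")
```

    Run against the sample this yields exactly three findings (autorun, temp-dll, new-service). Whether each is malicious is still a manual decision: a PortableVault.exe on a removable drive may be perfectly legitimate, while a DLL with a throw-away name living in the user's Temp folder and mapped into Explorer is the one to pull and scan.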
     
  12. 2007/12/10
    mtaffer

    HijackThis log

    Geri,

    Here is the latest HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:36, on 2007-12-10
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Local Manager\bdlm.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\AcroDist.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hijack This\jonm.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://wbhmpsa1:75/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: procexp.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196100315932
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tmscorp.com
    O17 - HKLM\Software\..\Telephony: DomainName = tmscorp.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tmscorp.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tmscorp.com
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
    O23 - Service: BitDefender Local Manager (BDLM) - SOFTWIN - C:\Program Files\Common Files\Softwin\BitDefender Local Manager\bdlm.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

    Thanks again, :)
    MT
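    An added example, not from mtaffer's post and not HijackThis code: a small triage pass over a log in the 1.99.1 format above. It separates O4 autostarts that name a bare executable (dxdllreg.exe is found by PATH search at logon, so the file has to be located before it can be judged) from those with a full path, lists the hosts the O16 ActiveX controls were fetched from, and cross-checks every O23 service reported "(file missing)" against the Running processes list at the top of the same log. In the log above all the BitDefender services show their path cut at a quote (`vsserv.exe" /service`) and every one of those binaries appears in the running-process list, so the files are not actually missing. The sample is a constructed excerpt of the log above; the "Example Svc (EXSVC)" line is invented to show the branch for a service whose binary really is absent.

```python
import re

# Constructed sample shaped like the HijackThis 1.99.1 log above: a short
# Running-processes list and a few O4/O16/O23 lines. The last O23 line
# ("Example Svc") is invented to show a service that really is absent.
SAMPLE_HJT = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: procexp.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196100315932
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: Example Svc (EXSVC) - Unknown owner - C:\WINDOWS\system32\exsvc.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<tag>[OR]\d+) - (?P<body>.*)$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
O16_RE = re.compile(r"^DPF: (?P<clsid>\{[^}]+\}) \((?P<name>[^)]*)\) - (?P<url>\S+)$")
TEMP_RE = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)


def parse_hjt(text):
    """Split a log into the running-process list and (tag, body) entries."""
    procs, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group("tag"), m.group("body")))
        elif in_procs:
            procs.append(line)
    return procs, entries


def exe_of(cmd):
    """Executable path from an O4 command: quoted path, else first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return re.split(r" [/-]", cmd, maxsplit=1)[0].strip()


def parse_o4(body):
    """'HKLM\\..\\Run: [Name] cmd' -> (where, name, cmd); Startup lines have no [Name]."""
    where, _, rest = body.partition(": ")
    m = re.match(r"\[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$", rest)
    return (where, m.group("name"), m.group("cmd")) if m else (where, "", rest)


def triage_hjt(text):
    """Return (tag, item, note) findings; entries with nothing to say are skipped."""
    procs, entries = parse_hjt(text)
    running = {p.lower() for p in procs}
    findings = []
    for tag, body in entries:
        if tag == "O4":
            where, name, cmd = parse_o4(body)
            exe = exe_of(cmd)
            if "Run" not in where:
                findings.append((tag, name or exe, f"file placed in the {where} folder; confirm it is expected"))
            elif "\\" not in exe:
                findings.append((tag, name, "no directory in the command: resolved by PATH search at logon, locate the file first"))
            elif TEMP_RE.search(exe):
                findings.append((tag, name, "autostart from a user Temp directory"))
        elif tag == "O23":
            m = O23_RE.match(body)
            if not m or "(file missing)" not in m.group("path"):
                continue
            # Path field may be cut at a quote: ...vsserv.exe" /service (file missing)
            pm = re.match(r'^"?(?P<p>.+?\.exe)', m.group("path"), re.IGNORECASE)
            exe = pm.group("p") if pm else m.group("path")
            if exe.lower() in running:
                note = "'file missing' but the binary is in the running-process list: the ImagePath is quoted with arguments and the log shows it split at the quote"
            else:
                note = "binary reported missing and not running; check the service's ImagePath in the registry"
            findings.append((tag, m.group("name"), note))
        elif tag == "O16":
            m = O16_RE.match(body)
            if m:
                host = re.sub(r"^https?://", "", m.group("url")).split("/")[0]
                findings.append((tag, m.group("name"), f"ActiveX control downloaded from {host}"))
    return findings


if __name__ == "__main__":
    for tag, item, note in triage_hjt(SAMPLE_HJT):
        print(f"{tag:<4} {item}: {note}")
```

    The point of the O23 cross-check is that the log carries its own evidence: a service whose binary is listed under Running processes cannot have a missing file, so those entries can be set aside and attention kept for the ones that are both "missing" and not running.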
     
  13. 2007/12/10
    Geri Lifetime Subscription

    Hi

    Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

    MalwareAlarm


    Download OTMoveIt by OldTimer to your Desktop.
    • Double click OTMoveIt.exe to launch it.
    • Copy/Paste the contents of the box below into the left hand pane of OTMoveIt.
    • Click the Move It button.
    • The list will be processed and the results will appear in the right hand pane.
    • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    • When finished click Exit to exit the programme.
    • A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).

    Now please do this. Make sure you check the FireFox Option.

    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    Please Run the Panda scan again and post the new results.

    Thanks
    Geri
     
  14. 2007/12/17
    mtaffer

    Here it is

    Sorry for the delay, but we scanned local disks with Panda and here is the report. :)



    Incident Status Location

    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\jonm\Application Data\Mozilla\Firefox\Profiles\z70pwex1.default\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\jonm\Application Data\Mozilla\Firefox\Profiles\z70pwex1.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\jonm\Application Data\Mozilla\Firefox\Profiles\z70pwex1.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\jonm\Application Data\Mozilla\Firefox\Profiles\z70pwex1.default\cookies.txt[.ath.belnk.com/]
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\jonm\Application Data\Mozilla\Firefox\Profiles\z70pwex1.default\cookies.txt[.belnk.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\jonm\Application Data\Mozilla\Firefox\Profiles\z70pwex1.default\cookies.txt[.overture.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@ad.yieldmanager[1].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@adrevolver[1].txt
    Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@ads.addynamix[1].txt
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@ads.pointroll[2].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@advertising[2].txt
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@apmebf[1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@atdmt[2].txt
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@bluestreak[1].txt
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@burstnet[2].txt
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@casalemedia[1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@doubleclick[1].txt
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@ehg-dig.hitbox[2].txt
    Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@gostats[2].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@go[1].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@media.adrevolver[1].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@mediaplex[2].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@overture[1].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@questionmarket[1].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@questionmarket[2].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@realmedia[1].txt
    Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@revenue[2].txt
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@searchportal.information[1].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@tribalfusion[2].txt
    Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@www.burstbeacon[1].txt
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@zedo[1].txt
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\jonm.MCLEOD\Desktop\ComboFix.exe[nircmd.exe]
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\jonm.MCLEOD\Desktop\ComboFix.exe[nircmd.cfexe]
    Spyware:Spyware/Vundo Not disinfected C:\qoobox\Quarantine\C\Program Files\Cptjvypu\yvehmaen.dll.vir
    Spyware:Spyware/Vundo Not disinfected C:\qoobox\Quarantine\C\Program Files\Jauithiq\zpdhlyfk.dll.vir
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
    Hacktool:Hacktool/MailBomber.F Not disinfected C:\_OTMoveIt\MovedFiles\Jonm_Old\Games\My Download\PGAEXDemo.exe
    Hacktool:Hacktool/MailBomber.F Not disinfected C:\_OTMoveIt\MovedFiles\Jonm_Old\My Download\PGAEXDemo.exe
    Possible Virus. Not disinfected C:\_OTMoveIt\MovedFiles\Program Files\MalwareAlarm\MalwareAlarm.exe
    Adware:Adware/BraveSentry Not disinfected C:\_OTMoveIt\MovedFiles\Program Files\MalwareAlarm\MalwareAlarm0.dll
    Potentially unwanted tool:Application/MalwareAlarm Not disinfected C:\_OTMoveIt\MovedFiles\Program Files\MalwareAlarm\MalwareAlarm1.dll
    Potentially unwanted tool:Application/BraveSentry Not disinfected C:\_OTMoveIt\MovedFiles\Program Files\MalwareAlarm\MalwareAlarm3.dll
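    An added example, not from mtaffer's post and not Panda's code: the report above lists over forty hits, but nearly all of them are tracking cookies or files already sitting in ComboFix's quarantine (C:\qoobox\Quarantine) or OTMoveIt's MovedFiles folder. The script below parses the "Incident Status Location" lines and sorts each hit into cookie, contained, tool-component or live, then reports what is still live. The tool-component class is data-driven from the report itself: the same NirCmd signature fires inside ComboFix.exe, so a stand-alone copy with that name is marked for the reviewer to confirm rather than treated as an active infection. The sample is an excerpt of the report above plus one constructed line (C:\WINDOWS\system32\example.dll, not in the real report) so the live branch is exercised.

```python
import re
from collections import Counter

# Excerpt of the Panda report posted above, plus ONE constructed line
# (the last one, C:\WINDOWS\system32\example.dll) that is not in the real
# report and only exists to exercise the 'live' branch.
SAMPLE_REPORT = r"""
Incident Status Location

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\jonm\Application Data\Mozilla\Firefox\Profiles\z70pwex1.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\jonm.MCLEOD\Cookies\jonm@doubleclick[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\jonm.MCLEOD\Desktop\ComboFix.exe[nircmd.exe]
Spyware:Spyware/Vundo Not disinfected C:\qoobox\Quarantine\C\Program Files\Cptjvypu\yvehmaen.dll.vir
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
Hacktool:Hacktool/MailBomber.F Not disinfected C:\_OTMoveIt\MovedFiles\Jonm_Old\My Download\PGAEXDemo.exe
Possible Virus. Not disinfected C:\_OTMoveIt\MovedFiles\Program Files\MalwareAlarm\MalwareAlarm.exe
Spyware:Spyware/Vundo Not disinfected C:\WINDOWS\system32\example.dll
"""

# "<category>:<name> <status> <location>"; the location may contain spaces,
# so the status words are the anchor.
LINE_RE = re.compile(
    r"^(?P<label>.+?)\s+(?P<status>Not disinfected|Disinfected|Deleted|Renamed)\s+(?P<loc>.+)$")
# Folders where the removal tools in this thread park what they removed
CONTAINED_DIRS = ("c:\\qoobox\\quarantine\\", "c:\\_otmoveit\\movedfiles\\")
# Removal-tool bundles whose embedded helpers scanners flag (archive syntax: tool.exe[member])
TOOL_BUNDLES = ("combofix.exe[",)


def parse_report(text):
    """Turn report lines into dicts; lines without a status word are skipped."""
    hits = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        category, _, name = m.group("label").partition(":")
        hits.append({"category": category.strip(), "name": name.strip(),
                     "status": m.group("status"), "location": m.group("loc")})
    return hits


def classify(hits):
    """Attach a 'class' to each hit: cookie, contained, tool-component or live."""
    tool_names = {h["name"] for h in hits
                  if any(b in h["location"].lower() for b in TOOL_BUNDLES)}
    for h in hits:
        loc = h["location"].lower()
        if h["name"].startswith("Cookie/"):
            h["class"] = "cookie"
        elif any(b in loc for b in TOOL_BUNDLES) or loc.startswith(CONTAINED_DIRS):
            h["class"] = "contained"
        elif h["name"] and h["name"] in tool_names:
            h["class"] = "tool-component"
        else:
            h["class"] = "live"
    return hits


def summarize(text):
    """Return (Counter of classes, list of locations still live on disk)."""
    hits = classify(parse_report(text))
    counts = Counter(h["class"] for h in hits)
    live = [h["location"] for h in hits if h["class"] == "live"]
    return counts, live


if __name__ == "__main__":
    counts, live = summarize(SAMPLE_REPORT)
    print(dict(counts))
    for loc in live:
        print("still live:", loc)
```

    On the full report above the live list comes out empty, which is the concrete form of "that scan looks good": the quarantined Vundo DLLs and the MalwareAlarm files are already out of their original locations, and the cookies are browser data rather than code. The stand-alone NirCmd.exe and the tool folders themselves are what the cleanup step in the next post removes.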
     
  15. 2007/12/17
    Geri Lifetime Subscription

    Hi mtaffer
    OK that scan looks good


    Please double-click OTMoveIt.exe to run it.
    Click on the CleanUp! button. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. After the list has been downloaded you'll be asked if you want to Begin cleanup process? Select Yes.
    This step removes the files, folders, and shortcuts created by the tools I had you download and run.

    Please run ATF cleaner again, make sure you choose the FireFox option also.

    If everything is running OK, then do the following.

    This would be a good time to set a new system restore point for your machine.
    Set New System Restore Point Windows XP. - Set New System Restore Point Windows Vista
    Do not do this unless there are no other user accounts to be diagnosed.


    Please look at this link for some preventive recommendations. It could keep you from ending up back here in the Spyware and Virus Removal Forums.
    http://www.windowsbbs.com/showthread.php?t=67958


    Let me know and I'll mark this one resolved.

    Thanks
    Geri
     
