Desktop, Homepage Locked; PC Will Not Boot In Normal Mode.


19 replies to this topic

#1 orsilr

Posted 07 April 2008 - 05:53 AM

Hi,
My desktop is locked with an advertising background. The homepage is locked on an advertisement webpage. The PC will not boot in normal mode. I managed to boot directly from the HD using Dell's instructions for my Dimension 2350. Now it also started to resend e-mails from my "sent" folder. Also, it is starting to get slower...

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, April 06, 2008 6:48:16 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/04/2008
Kaspersky Anti-Virus database records: 616589
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 94308
Number of viruses found: 4
Number of infected objects: 11
Number of suspicious objects: 3
Duration of the scan process: 02:20:42

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Broderbund Software\Print\The Print Shop\PMWPRINT.INI Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12062006-192347.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080406_Time-102932281_EnterceptExceptions.dat Object is locked skipped


NOTE: KASPERSKY SCAN WAS SO LONG, I COULDN'T POST IT ALL....


Deckard's System Scanner v20071014.68
Run by Roger A. Orfila on 2008-04-06 18:52:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-04-06 22:52:43 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Roger A. Orfila.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:18 PM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Roger A. Orfila\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Roger A. Orfila.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
F2 - REG:system.ini: UserInit=Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
O4 - HKLM\..\Run: [KPDrv4XP] C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\Deborah Sotomayor\Application Data\Deskbar_{B42DE625-479D-44f8-BEF0-12D029ED4F46}\starter.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ModemOnHold] C:\PROGRA~1\DELLMO~1\moh.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxuk100XXPR
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/down...llerControl.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2EBE1406-BE0E-44E6-AE10-247A0C5AEDCF} (McAfee Virtual Technician) - https://mvt.mcafee.com/mvt/cab/mvt9x.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodate/bin/1...pdatePortal.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/36/install/gtdownde.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://samsclubpr.pnimedia.com/upload/acti...upv2.0.0.10.cab?
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O24 - Desktop Component 0: (no name) - http://www.televicentropr.com/images/doppler2.jpg

--
End of file - 11871 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 LBeepKE - c:\windows\system32\drivers\lbeepke.sys <Not Verified; Logitech Inc.; Logitech SetPoint>
R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>

S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys
S3 DCamUSBSQTECH (Dual-Mode DSC(2770)) - c:\windows\system32\drivers\sqcaptur.sys <Not Verified; Service & Quality Technology.; SQ913>
S3 MR97310_USB_DUAL_CAMERA (MR97310 CIF Dual Mode Camera) - c:\windows\system32\drivers\mr97310c.sys <Not Verified; DUCam Technology Inc.; DUCam DU101 USB Driver>
S3 ser2pl (USB Filter Driver) - c:\windows\system32\drivers\ser2pl.sys <Not Verified; Prolific Technology Inc.; Prolific USB-to-Serial Bridge Cable>
S3 SFC4 - c:\windows\system32\drivers\sfc4.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys (file missing)
S3 usb2vcom (USB Data Cable) - c:\windows\system32\drivers\usb2vcom.sys <Not Verified; ; USB to Serial Bridge Controller>
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
S3 usbu2a - c:\windows\system32\drivers\usbu2a.sys <Not Verified; USB Compliance; >
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: SoundMAX Integrated Digital Audio
Device ID: PCI\VEN_8086&DEV_24C5&SUBSYS_01471028&REV_02\3&13C0B0C5&0&FD
Manufacturer: Analog Devices, Inc.
Name: SoundMAX Integrated Digital Audio
PNP Device ID: PCI\VEN_8086&DEV_24C5&SUBSYS_01471028&REV_02\3&13C0B0C5&0&FD
Service: smwdm

Class GUID: {4D36E980-E325-11CE-BFC1-08002BE10318}
Description: Floppy disk drive
Device ID: FDC\GENERIC_FLOPPY_DRIVE\4&33BC18FA&0&0
Manufacturer: (Standard floppy disk drives)
Name: Floppy disk drive
PNP Device ID: FDC\GENERIC_FLOPPY_DRIVE\4&33BC18FA&0&0
Service: flpydisk


-- Scheduled Tasks -------------------------------------------------------------

2008-04-06 10:53:13 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-10-10 09:55:43 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2006-05-21 10:50:37 260 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job


-- Files created between 2008-03-06 and 2008-04-06 -----------------------------

2008-04-06 18:55:56 0 d-------- C:\Program Files\Trend Micro
2008-04-06 11:45:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-06 11:45:34 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-06 11:45:32 0 d-------- C:\WINDOWS\LastGood
2008-04-03 20:00:22 0 d-------- C:\Documents and Settings\Genesis\Application Data\Logitech
2008-04-03 20:00:04 0 d-------- C:\Documents and Settings\Genesis\Application Data\Identities
2008-04-03 19:59:53 0 d--h----- C:\Documents and Settings\Genesis\Templates
2008-04-03 19:59:53 0 d-------- C:\Documents and Settings\Genesis\Start Menu
2008-04-03 19:59:53 0 d--h----- C:\Documents and Settings\Genesis\SendTo
2008-04-03 19:59:53 0 dr-h----- C:\Documents and Settings\Genesis\Recent
2008-04-03 19:59:53 0 d--h----- C:\Documents and Settings\Genesis\PrintHood
2008-04-03 19:59:53 786432 --ah----- C:\Documents and Settings\Genesis\ntuser.dat
2008-04-03 19:59:53 0 d--h----- C:\Documents and Settings\Genesis\NetHood
2008-04-03 19:59:53 0 dr------- C:\Documents and Settings\Genesis\My Documents
2008-04-03 19:59:53 0 d--h----- C:\Documents and Settings\Genesis\Local Settings
2008-04-03 19:59:53 0 dr------- C:\Documents and Settings\Genesis\Favorites
2008-04-03 19:59:53 0 d-------- C:\Documents and Settings\Genesis\Desktop
2008-04-03 19:59:53 0 d---s---- C:\Documents and Settings\Genesis\Cookies
2008-04-03 19:59:53 0 d--h----- C:\Documents and Settings\Genesis\Application Data
2008-04-03 19:59:53 0 d---s---- C:\Documents and Settings\Genesis\Application Data\Microsoft
2008-04-01 20:14:24 0 d-------- C:\WINDOWS\system32\NtmsData
2008-03-13 06:17:58 0 d-------- C:\Program Files\dbar
2008-03-12 16:11:56 0 d-------- C:\Program Files\winvi


-- Find3M Report ---------------------------------------------------------------

2008-04-02 20:53:14 0 d-------- C:\Program Files\Support Tools
2008-03-16 09:43:35 0 d-------- C:\Program Files\BrowsingAdvisor
2008-03-11 07:21:47 0 d-------- C:\Program Files\Java
2008-03-09 10:37:09 0 d-------- C:\Program Files\LimeWire
2008-03-02 12:18:26 0 d-------- C:\Program Files\PayPal
2008-03-02 12:18:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-02 12:18:01 0 d-------- C:\Documents and Settings\Roger A. Orfila\Application Data\InstallShield
2008-02-23 06:51:51 0 d-------- C:\Program Files\Windows Live
2008-02-23 06:51:19 0 d-------- C:\Program Files\Windows Live Toolbar
2008-02-22 17:59:18 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-15 15:50:06 0 d-------- C:\Documents and Settings\Roger A. Orfila\Application Data\Adobe
2008-02-09 09:05:40 0 d-------- C:\Program Files\Lexmark 1200 Series


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
12/03/2007 01:12 PM 282624 --a------ C:\WINDOWS\system32\adssite_sidebar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/19/2005 08:59 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/19/2005 08:59 AM]
"CoolSwitch"="C:\WINDOWS\System32\taskswitch.exe" [03/19/2002 05:30 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"BCMSMMSG"="BCMSMMSG.exe" [08/29/2003 04:59 AM C:\WINDOWS\BCMSMMSG.exe]
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 09:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [08/18/2004 08:00 AM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [08/06/2004 03:50 AM]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [10/07/2003 09:48 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"KEMailKb"="C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE" [08/09/2005 04:27 AM]
"KPDrv4XP"="C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE" [02/21/2005 07:15 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 06:20 PM]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [07/15/2005 05:48 PM]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [07/19/2006 12:03 PM]
"@"="" []
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [07/19/2006 12:03 PM C:\WINDOWS\KHALMNPR.Exe]
"P17Helper"="P17.dll" [05/03/2005 07:38 PM C:\WINDOWS\system32\P17.dll]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [07/13/2006 01:22 PM]
"dbar_starter"="C:\Documents and Settings\Deborah Sotomayor\Application Data\Deskbar_{B42DE625-479D-44f8-BEF0-12D029ED4F46}\starter.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [08/21/2007 11:44 AM]
"ModemOnHold"="C:\PROGRA~1\DELLMO~1\moh.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [11/22/2003 9:13:05 PM]
Event Reminder.lnk - C:\Program Files\Broderbund\PrintMaster\PMremind.exe [1/25/2007 8:28:01 PM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [4/1/2007 11:36:31 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [12/21/2003 8:27:41 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-04-06 18:56:59 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.80GHz
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 1022.48 MiB / 467.94 MiB
Pagefile Memory (total/avail): 1309.14 MiB / 693.84 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.57 MiB

C: is Fixed (NTFS) - 37.26 GiB total, 23.41 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 5T040H4 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\ABBYY FineReader 5.0 Sprint\\Sprint.exe"="C:\\Program Files\\ABBYY FineReader 5.0 Sprint\\Sprint.exe:*:Enabled:ABBYY FineReader 5.0 Sprint"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Documents and Settings\\Deborah Sotomayor\\Desktop\\incredimail_install.exe"="C:\\Documents and Settings\\Deborah Sotomayor\\Desktop\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\Program Files\\IncrediMail\\bin\\ImNotfy.exe"="C:\\Program Files\\IncrediMail\\bin\\ImNotfy.exe:*:Enabled:ImNotfy"
"C:\\Program Files\\CallWave\\IAM.exe"="C:\\Program Files\\CallWave\\IAM.exe:*:Disabled:CallWave"
"C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"="C:\\Program Files\\IncrediMail\\bin\\ImLc.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Sierra On-Line\\SIGSPat.exe"="C:\\Program Files\\Sierra On-Line\\SIGSPat.exe:*:Enabled:SIGSPat"
"C:\\Documents and Settings\\Roger A. Orfila\\Local Settings\\Temporary Internet Files\\Content.IE5\\K507SNCV\\incredimail_install[1].exe"="C:\\Documents and Settings\\Roger A. Orfila\\Local Settings\\Temporary Internet Files\\Content.IE5\\K507SNCV\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Documents and Settings\\Roger A. Orfila\\Desktop\\Downloads\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Documents and Settings\\Roger A. Orfila\\Desktop\\Downloads\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\upgrade\\upgradeST.exe"="C:\\upgrade\\upgradeST.exe:*:Enabled:SpeedTouch Upgrade Wizard"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\Deborah Sotomayor\\Local Settings\\Temporary Internet Files\\Content.IE5\\5ZH1WV9O\\incredimail_install[1].exe"="C:\\Documents and Settings\\Deborah Sotomayor\\Local Settings\\Temporary Internet Files\\Content.IE5\\5ZH1WV9O\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"="C:\\Program Files\\Magentic\\bin\\MgImp.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"="C:\\Program Files\\Magentic\\bin\\MgApp.exe:*:Enabled:Magentic"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\WINDOWS\\system32\\lxcycoms.exe"="C:\\WINDOWS\\system32\\lxcycoms.exe:*:Enabled:Lexmark Communications System"
"C:\\WINDOWS\\system32\\lxczcoms.exe"="C:\\WINDOWS\\system32\\lxczcoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Documents and Settings\\Deborah Sotomayor\\Local Settings\\Temporary Internet Files\\Content.IE5\\RO9LZ1GX\\magentic_install[1].exe"="C:\\Documents and Settings\\Deborah Sotomayor\\Local Settings\\Temporary Internet Files\\Content.IE5\\RO9LZ1GX\\magentic_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Roger A. Orfila\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOYER-GENESIS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Roger A. Orfila
LOGONSERVER=\\YOYER-GENESIS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Support Tools\;C:\Program Files\QuickTime\QTSystem\;C:\WINDOWS\system32\gs\gs7.05\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ROGERA~1.ORF\LOCALS~1\Temp
TMP=C:\DOCUME~1\ROGERA~1.ORF\LOCALS~1\Temp
USERDOMAIN=YOYER-GENESIS
USERNAME=Roger A. Orfila
USERPROFILE=C:\Documents and Settings\Roger A. Orfila
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Roger A. Orfila (admin)
Deborah Sotomayor (admin)
Yoyersito
Genesis (new local)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SB Live! 24-bit\Program\SETUP.EXE" /S /U /W
--> Dummy
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware SE Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Alt-Tab Task Switcher Powertoy for Windows XP --> MsiExec.exe /I{A7050037-F0EA-4BAB-BCD5-FC05507D6147}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F57D8342-E2E4-46F4-915A-F50817CBCB45}\SETUP.EXE" -l0xa
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
BCM V.92 56K Modem --> C:\WINDOWS\BCMSMU.exe quiet
Broadcom 440x 10/100 Integrated Controller --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
Broadcom Advanced Control Suite --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{468190DA-FB4C-45BA-8E40-4B165FF1A939} /l1033
Broadcom Driver Installer --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
Broderbund Media Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{26346FB6-4F69-453D-95CE-B6BA3A5382F8}\setup.exe" -l0x9 AddRem
BrowsingAdvisor --> C:\Program Files\BrowsingAdvisor\uninstall.exe
Calculator Powertoy for Windows XP --> MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
Camera Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll<UNINSTALL_CMD>
Classic PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel
ClickArt® 10,000 Image Pack --> C:\WINDOWS\UNINST.EXE -f"C:\PROGRA~1\BRODER~1\CLICKA~1\DeIsL1.isu"
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9 /remove
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\Setup.exe" -l0x9 ControlPanelAnyText
DocSmartz - PDF to Word Converter v3.0 --> C:\PROGRA~1\DOCSMA~1\UNWISE.EXE /A C:\PROGRA~1\DOCSMA~1\INSTALL.LOG
exPressit S.E. 2.1 --> "C:\Program Files\exPressit S.E. 2.1\UninstallerData\Uninstall exPressit S.E. 2.1.exe"
Fax and Photocopy --> C:\PROGRA~1\eGames\UNWISE.EXE C:\PROGRA~1\eGames\INSTALL.LOG
FL Studio 6 --> C:\Program Files\Image-Line\FL Studio 6\uninstall.exe
Google Gmail Notifier --> "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HTML Slideshow Powertoy for Windows XP --> MsiExec.exe /I{4E475FD4-4513-4B1D-8DDA-43912B068C99}
Image Expert --> C:\WINDOWS\IsUn040a.exe -f"C:\Program Files\Sierra Imaging\Image Expert\Uninst.isu" -c"C:\Program Files\Sierra Imaging\Image Expert\uninstall.dll
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
IncrediMail Xe --> C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log
Intel Application Accelerator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intro Text Screen Saver --> C:\WINDOWS\Intro Text.scr /U
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Jasc Paint Shop Pro 8 --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KhalSetup --> MsiExec.exe /I{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}
Lexmark 1200 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZUN5C.EXE -dLexmark 1200 Series
Lexmark Skin: Blockhead --> C:\PROGRA~1\LEXMAR~2\Skin6\UNWISE.EXE C:\PROGRA~1\LEXMAR~2\Skin6\INSTALL.LOG
Lexmark Skin: Machine1 --> C:\PROGRA~1\LEXMAR~2\Skin5\UNWISE.EXE C:\PROGRA~1\LEXMAR~2\Skin5\INSTALL.LOG
Lexmark Skin: Mechanic --> C:\PROGRA~1\LEXMAR~2\Skin10\UNWISE.EXE C:\PROGRA~1\LEXMAR~2\Skin10\INSTALL.LOG
Lexmark Skin: Nature TV1 --> C:\PROGRA~1\LEXMAR~2\Skin1\UNWISE.EXE C:\PROGRA~1\LEXMAR~2\Skin1\INSTALL.LOG
Lexmark Skin: Nature TV3 --> C:\PROGRA~1\LEXMAR~2\Skin3\UNWISE.EXE C:\PROGRA~1\LEXMAR~2\Skin3\INSTALL.LOG
Lexmark Toolbar --> regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
Logitech MouseWare 9.79.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Magnifier Powertoy for Windows XP --> MsiExec.exe /I{2FBF04DC-404C-4FA4-BA28-99903080D2B9}
McAfee VirusScan Enterprise --> MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
Micro Innovations Internet Access Elite Keyboard --> C:\WINDOWS\UnInst32.exe KEMailKb.UNI
Microsoft Calculator Plus --> MsiExec.exe /I{83073C45-3003-4671-9A86-243AAADD915A}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office Sounds --> MsiExec.exe /I{10CE1EA2-12E9-11D3-825E-00C04F6843FE}
Microsoft Office XP Professional --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Web Components --> MsiExec.exe /I{90260409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! for Windows XP --> MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft Publisher 2002 --> MsiExec.exe /I{90190409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\Setup.exe" -l0x9 ControlPanel
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
My DSC --> C:\Program Files\InstallShield Installation Information\{225af9a1-b556-88d5-94aa-0010b5426419}\setup.exe
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Office Animation Runtime --> MsiExec.exe /X{AEEB3643-71DE-414d-9E3F-1159177FE211}
OpenMG AAC Add-on Module 1.0.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3} UNINSTALL
OpenMG Limited Patch 4.5-06-05-12-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.5-06-05-12-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.5.01 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{3633BA28-67CE-4AC8-A677-3406CA84C3D8} UNINSTALL
PayPal Plug-In --> C:\Program Files\InstallShield Installation Information\{73317C31-2B6E-4B88-9865-B97C1331A39D}\setup.exe -runfromtemp -l0x0009 -removeonly
PlayMP3z --> C:\Program Files\PlayMP3z\uninstall.exe
PrintMaster 12 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A304FDE-F4E3-446D-AA0D-31425C897B71}\setup.exe" -l0x9 anything
PrintMaster Express --> C:\PROGRA~1\BRODER~1\PRINTM~2\UNWISE.EXE C:\PROGRA~1\BRODER~1\PRINTM~2\INSTALL.LOG
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Search Assistant Adssite --> C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\INSTALL.LOG
Slideshow Generator Powertoy for Windows XP --> MsiExec.exe /I{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}
SonicStage 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
Sound Blaster Live! 24-bit --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{734BB64A-5A3D-4624-867D-6358B7068496}\SETUP.EXE" -l0x9
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Storybook Weaver Deluxe --> C:\WINDOWS\uninst.exe -f"C:\Program Files\MECC\SBWDLX\DeIsL1.isu"
The Print Shop --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB26EA24-AE01-4C86-BEBC-424D5B81E66E}\setup.exe" -l0x9 anything
Timershot Powertoy for Windows XP --> MsiExec.exe /I{A743BBCC-3438-4BB3-8397-6C9D9AC125A6}
Tweakui Powertoy for Windows XP --> MsiExec.exe /I{C7793EE8-F666-4E6B-9827-76468679480E}
Virtual Desktop Manager Powertoy for Windows XP --> MsiExec.exe /I{F251B999-08A9-4704-999C-9962F0DFD88E}
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows 2000 Support Tools --> MsiExec.exe /I{242365CD-80F2-11D2-989A-00C04F7978A9}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
winvi (remove only) --> "C:\Program Files\winvi\uninst.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type11860 / Error
Event Submitted/Written: 04/06/2008 10:53:07 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Event Record #/Type11856 / Success
Event Submitted/Written: 04/06/2008 10:31:36 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type11852 / Warning
Event Submitted/Written: 04/05/2008 08:06:55 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type11848 / Warning
Event Submitted/Written: 04/04/2008 08:36:59 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type11847 / Warning
Event Submitted/Written: 04/04/2008 08:27:56 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{81A34902-9D0B-4920-A25C-4CDC5D14B328}', feature 'PaintShopPro8_Premium' failed during request for component '{BB2BA268-F060-4F1F-9897-3097F115FF91}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type54907 / Warning
Event Submitted/Written: 04/06/2008 06:56:29 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOYER-GENESIS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOYER-GENESIS27 can't undo changes that you allow.

For more information please see the following:
%YOYER-GENESIS275

Scan ID: {13F45AB1-40B9-4E6F-849F-851805F5773F}

User: YOYER-GENESIS\Roger A. Orfila

Name: %YOYER-GENESIS271

ID: %YOYER-GENESIS272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %YOYER-GENESIS276

Alert Type: %YOYER-GENESIS278

Detection Type: 1.1.1593.02

Event Record #/Type54906 / Warning
Event Submitted/Written: 04/06/2008 06:56:29 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOYER-GENESIS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOYER-GENESIS27 can't undo changes that you allow.

For more information please see the following:
%YOYER-GENESIS275

Scan ID: {30F9636C-EFF5-42AA-9ABB-104C3B6B13CB}

User: YOYER-GENESIS\Roger A. Orfila

Name: %YOYER-GENESIS271

ID: %YOYER-GENESIS272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %YOYER-GENESIS276

Alert Type: %YOYER-GENESIS278

Detection Type: 1.1.1593.02

Event Record #/Type54898 / Warning
Event Submitted/Written: 04/06/2008 11:45:38 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOYER-GENESIS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOYER-GENESIS27 can't undo changes that you allow.

For more information please see the following:
%YOYER-GENESIS275

Scan ID: {B2A14FC2-BE66-4C91-B564-B3A8F08D2A6D}

User: YOYER-GENESIS\Roger A. Orfila

Name: %YOYER-GENESIS271

ID: %YOYER-GENESIS272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %YOYER-GENESIS276

Alert Type: %YOYER-GENESIS278

Detection Type: 1.1.1593.02

Event Record #/Type54789 / Warning
Event Submitted/Written: 04/03/2008 07:48:43 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOYER-GENESIS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOYER-GENESIS27 can't undo changes that you allow.

For more information please see the following:
%YOYER-GENESIS275

Scan ID: {F20EDFA6-71AA-45A7-B757-E437826915CC}

User: YOYER-GENESIS\Yoyersito

Name: %YOYER-GENESIS271

ID: %YOYER-GENESIS272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %YOYER-GENESIS276

Alert Type: %YOYER-GENESIS278

Detection Type: 1.1.1593.02

Event Record #/Type54775 / Error
Event Submitted/Written: 04/03/2008 07:34:58 PM
Event ID/Source: 16 / Windows Update Agent
Event Description:
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.



-- End of Deckard's System Scanner: finished at 2008-04-06 18:56:59 ------------


#2 orsilr


Posted 14 April 2008 - 03:17 PM

Today I found Trojan.Vundo, Adrotator.IconAds, ErrorDoctor and Zlob.Trojan.

Installed and ran the full version of SpyHunter. It removed 105 entries of Zlob.Trojan, but the PC still has problems.

#3 orsilr


Posted 19 April 2008 - 09:05 AM

Please, help.

Sorry for bumping this topic. This PC is a necessary tool for my wife, who is a teacher and needs it, and I really believe you can help us.

I found Trojan.Vundo, Adrotator.IconAds, ErrorDoctor and Zlob.Trojan.

Installed and ran the full version of SpyHunter. It removed 105 entries of Zlob.Trojan, but the PC still has problems.

Yesterday, I scanned my PC again with Kaspersky and HiJackThis.

The Kaspersky log is 4.42MB and was too long to post.

Problems in my PC are:
- Can't boot in "safe mode"
- Can't boot in "normal mode". It says: "no boot device detected".
- Active desktop is locked. I found that uninstalling Adobe Flash Player controls somehow the ads that come up here, but affects other applications.
- Can't change the desktop.
- Found when defragmenting the disk that it was almost full of fragmented files. Did a search and found the "temp" folder from one of the users full of extremely large files that downloaded in one day... files that my computer didn't recognize. They showed like images, but the PC couldn't open them. After erasing them, the computer ran better and defragmenting was neater.
- Very slow operation; cleaned cache, disk clean-up and defragment.
- When I ran HiJackThis, all the browser windows closed. Also, there was no extra.txt document.


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, April 19, 2008 7:46:32 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/04/2008
Kaspersky Anti-Virus database records: 640226
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 92205
Number of viruses found: 3
Number of infected objects: 8
Number of suspicious objects: 3
Duration of the scan process: 06:30:41

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Broderbund Software\Print\The Print Shop\PMWPRINT.INI Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12062006-192347.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080418_Time-120200312_EnterceptExceptions.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080418_Time-120200312_EnterceptRules.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_YOYER-GENESIS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_YOYER-GENESIS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Acrobat\6.0\AcroForm\MRUFormsList Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Acrobat\6.0\AdobeComFnt06.lst Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Acrobat\6.0\Collab\OfflineDocs Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Acrobat\6.0\Collab\Reviews Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Acrobat\6.0\JSADM.exv Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Acrobat\6.0\Messages\ENU\read0600win_ENUadbe0030.pdf Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Acrobat\6.0\Messages\ENU\read0600win_ENUadbe0040.pdf Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Acrobat\6.0\Messages\ENU\read0600win_ENUyhoo0010.pdf Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Acrobat\6.0\Preferences\AutoFillDefaults.dat Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Acrobat\6.0\Preferences\defaultHeuristics.dat Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Acrobat\6.0\TMGrpPrm.sav Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Acrobat\6.0\Updater\udstore.js Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Acrobat\7.0\AdobeCMapFnt07.lst Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Acrobat\7.0\AdobeSysFnt07.lst Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Acrobat\7.0\Collab\RSS Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Acrobat\7.0\JavaScripts\glob.settings.js Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Acrobat\7.0\JSADM.exv Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Acrobat\7.0\Messages\ENU\read0600win_ENUadbe0700.pdf Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Acrobat\7.0\Preferences\AutoFillDefaults.dat Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Acrobat\7.0\Preferences\defaultHeuristics.dat Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Acrobat\7.0\Security\addressbook.acrodata Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en_US.exe Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Acrobat\7.0\Updater\udstore.js Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Acrobat\7.0\UserCache.bin Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\all\added.clam Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\eng\added.clam Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\eng\exception.txt Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Online Services\Cache\Photoshop Album\cache.dat Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Online Services\Cache\Photoshop Album\manifest.xml Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Photoshop Album\Log.txt Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Photoshop Album\olsactiondict.dat Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Photoshop Album\olshostprefs.dat Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Photoshop Album\olsprefs.dat Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Photoshop Album\psa.prf Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Adobe\Photoshop Album\status.dat Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\AdobeUM\AcRdB7_0_8.sta Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\AdobeUM\AcRdB7_0_9.sta Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\AdobeUM\AcRdS7_0_0.sta Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Ahead\Nero BackItUp\Cache\NBService.log Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Ahead\NeroShowTime.bmk Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Ahead\NeroVision\GCHWCfg.bak Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Ahead\NeroVision\GCHWCfg.xml Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Ahead\NeroVision\NeroVisionLog.txt Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Ahead\NeroVision\nve-am.bin Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Ahead\NeroVision\nve-mtmpl.bin Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Ahead\NeroVision\nve-vobmap.bin Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Apple Computer\QuickTime\QTPlayerSession.xml Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\ArcSoft\PhotoMVP\4.0.2\PhotoMVP.ini Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\desktop.ini Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\FaxCtr\Coverpgs\Cnfdentl.pg Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\FaxCtr\Coverpgs\faxlog32.cdx Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\FaxCtr\Coverpgs\faxlog32.dbf Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\FaxCtr\Coverpgs\faxlog32.fpt Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\FaxCtr\Coverpgs\Simple.pg Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\FaxCtr\Coverpgs\Standard.pg Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\FaxCtr\Coverpgs\Urgent.pg Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\FaxCtr\FAXLOG32.CDX Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\FaxCtr\FAXLOG32.DBF Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\FaxCtr\FAXLOG32.FPT Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\FaxCtr\fm3032.INI Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Jasc Software Inc\Paint Shop Pro 8\Cache\Brushes.PspCache Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Jasc Software Inc\Paint Shop Pro 8\Cache\EnvironmentMaps.PspCache Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Jasc Software Inc\Paint Shop Pro 8\Cache\Frames.PspCache Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Jasc Software Inc\Paint Shop Pro 8\Cache\Gradients.PspCache Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Jasc Software Inc\Paint Shop Pro 8\Cache\Palettes.PspCache Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Jasc Software Inc\Paint Shop Pro 8\Cache\Patterns.PspCache Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Jasc Software Inc\Paint Shop Pro 8\Cache\PSPPLCachV8E.PspCache Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Jasc Software Inc\Paint Shop Pro 8\Cache\Shapes.PspCache Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Jasc Software Inc\Paint Shop Pro 8\Cache\Styled Lines.PspCache Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Jasc Software Inc\Paint Shop Pro 8\Cache\Swatches.PspCache Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Jasc Software Inc\Paint Shop Pro 8\Cache\templatecats.sdb Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Jasc Software Inc\Paint Shop Pro 8\Cache\templatedata.sdb Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Jasc Software Inc\Paint Shop Pro 8\Cache\Textures.PspCache Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Jasc Software Inc\Paint Shop Pro 8\Cache\Tubes.PspCache Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Lavasoft\Ad-Aware\awsettings.awc Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Lavasoft\Ad-Aware\description.ini Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Lavasoft\Ad-Aware\logs\Ad-Aware log2004-12-28 19-33-52.txt Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Lavasoft\Ad-Aware\logs\Ad-Aware log2005-08-06 14-33-38.txt Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Lavasoft\Ad-Aware\logs\Ad-Aware log2005-08-26 23-50-55.txt Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Lavasoft\Ad-Aware\logs\Ad-Aware log2006-06-25 11-35-00.txt Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Lavasoft\Ad-Aware\logs\Ad-Aware log2006-12-02 22-16-16.txt Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Lavasoft\Ad-Aware\logs\Ad-Aware log2007-02-21 22-09-58.txt Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Lavasoft\Ad-Aware\logs\Ad-Aware log2007-03-11 12-36-58.txt Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Lavasoft\Ad-Aware\logs\Ad-Aware log2007-05-01 22-26-45.txt Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Lavasoft\Ad-Aware\logs\Ad-Aware log2007-11-12 20-12-06.txt Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Lavasoft\Ad-Aware\logs\Ad-Aware log2007-12-02 14-58-12.txt Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Lavasoft\Ad-Aware\logs\Ad-Aware log2008-02-02 14-39-20.txt Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Lavasoft\Ad-Aware\logs\Ad-Aware log2008-03-16 10-19-16.txt Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Lavasoft\Ad-Aware\logs\Ad-Aware log2008-03-16 16-47-20.txt Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Lavasoft\Ad-Aware\logs\Ad-Aware log2008-03-31 21-34-50.txt Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Lavasoft\Ad-Aware\logs\Ad-Aware log2008-04-01 05-28-52.txt Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Lavasoft\Ad-Aware\logs\AWEVLOG.txt Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Lavasoft\Ad-Aware\rmp.awd Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Lavasoft\Ad-Aware\settings.awc Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Lavasoft\Ad-Aware\stats.awd Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Leadertech\PowerRegister\PowerReg.dat Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Logitech\SetPoint\gamelist.xml Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Logitech\SetPoint\Last_user.xml Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Logitech\SetPoint\user.xml Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Macromedia\Flash Player\#SharedObjects\PKVJFMGR\a.dolimg.com\UserPreferences.sol Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Macromedia\Flash Player\#SharedObjects\PKVJFMGR\adcontent.videoegg.com\EAPUSER.sol Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Macromedia\Flash Player\#SharedObjects\PKVJFMGR\adcontent.videoegg.com\vepui.sol Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Macromedia\Flash Player\#SharedObjects\PKVJFMGR\adisneyworld.disney.go.com\character.sol Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Macromedia\Flash Player\#SharedObjects\PKVJFMGR\adisneyworld.disney.go.com\WDWAudioTag.sol Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Macromedia\Flash Player\#SharedObjects\PKVJFMGR\agame.com\fsonetpet.sol Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Macromedia\Flash Player\#SharedObjects\PKVJFMGR\agame.com\mirror\flash\k\kissing_during_work.swf\OffichuLove.sol Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Macromedia\Flash Player\#SharedObjects\PKVJFMGR\agame.com\mirror\flash\s\stylin_fashion.swf\sh_autopos.sol Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Macromedia\Flash Player\#SharedObjects\PKVJFMGR\americangreetings.com\www.sol Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Macromedia\Flash Player\#SharedObjects\PKVJFMGR\apps.rockyou.com\board\corkboard.swf\historyData.sol Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Macromedia\Flash Player\#SharedObjects\PKVJFMGR\apps.rockyou.com\board\viewer.swf\historyData.sol Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Macromedia\Flash Player\#SharedObjects\PKVJFMGR\assets.espn.go.com\motion\fsp\FSPRoot\espnmotion6_cv.swf\fspSettings.sol Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Macromedia\Flash Player\#SharedObjects\PKVJFMGR\atv.disney.go.com\hsm2DownloadPointsLSO.sol Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Macromedia\Flash Player\#SharedObjects\PKVJFMGR\baltimore.orioles.mlb.com\flash\team_video\team_video_v2.swf\mlb_homepage_video.sol Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Macromedia\Flash Player\#SharedObjects\PKVJFMGR\bandtools.nabbr.com\bandtools\media\global_assets\adPlayer02.swf\Lightningcast.sol Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Macromedia\Flash Player\#SharedObjects\PKVJFMGR\barbie.com\barbieflashcookie.sol Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Macromedia\Flash Player\#SharedObjects\PKVJFMGR\barbie.everythinggirl.com\activities\btv\raven\raven_landing.swf\TestMovie_Config_Info.sol Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Macromedia\Flash Player\#SharedObjects\PKVJFMGR\barbie.everythinggirl.com\activities\fantasy\fairytopia\fairytopiaData.sol Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Macromedia\Flash Player\#SharedObjects\PKVJFMGR\bebes.guiainfantil.com\kickapps\flash\clean_wide_row.swf\time.sol Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Macromedia\Flash Player\#SharedObjects\PKVJFMGR\bebes.guiainfantil.com\kickapps\flash\clean_wide_row.swf\timeexp.sol Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Macromedia\Flash Player\#SharedObjects\PKVJFMGR\bebes.guiainfantil.com\kickapps\flash\clean_wide_row.swf;jsessionid=1DF6BD9CCDB2B7AFFC86A37F8D177498\time.sol Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Macromedia\Flash Player\#SharedObjects\PKVJFMGR\bebes.guiainfantil.com\kickapps\flash\clean_wide_row.swf;jsessionid=1DF6BD9CCDB2B7AFFC86A37F8D177498\timeexp.sol Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Macromedia\Flash Player\#SharedObjects\PKVJFMGR\bin.clearspring.com\clearspring.sol Object is locked skipped
C:\Documents and Settings\Deborah Sotomayor\Application Data\Macromedia\Flash Player\#SharedObjects\PKVJFMGR\c.distralytics.com\sessions.sol Object is locked skipped

LOG WAS EXTREMELY HUGE AND COULD NOT POST IT HERE COMPLETELY.



Deckard's System Scanner v20071014.68
Run by Roger A. Orfila on 2008-04-19 09:12:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Roger A. Orfila.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13:08 AM, on 4/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\INCRED~1\bin\ImNotfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Roger A. Orfila\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Roger A. Orfila.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
F2 - REG:system.ini: UserInit=Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
O4 - HKLM\..\Run: [KPDrv4XP] C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\Deborah Sotomayor\Application Data\Deskbar_{B42DE625-479D-44f8-BEF0-12D029ED4F46}\starter.exe
O4 - HKLM\..\Run: [Spyhunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" -minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ModemOnHold] C:\PROGRA~1\DELLMO~1\moh.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxuk100XXPR
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/down...llerControl.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2EBE1406-BE0E-44E6-AE10-247A0C5AEDCF} (McAfee Virtual Technician) - https://mvt.mcafee.com/mvt/cab/mvt9x.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodate/bin/1...pdatePortal.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/36/install/gtdownde.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://samsclubpr.pnimedia.com/upload/acti...upv2.0.0.10.cab?
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O24 - Desktop Component 0: (no name) - http://www.televicentropr.com/images/doppler2.jpg

--
End of file - 11872 bytes

-- Files created between 2008-03-19 and 2008-04-19 -----------------------------

2008-04-19 09:12:51 0 d-------- C:\Program Files\Trend Micro
2008-04-14 13:02:38 0 d-------- C:\Program Files\Enigma Software Group
2008-04-12 14:33:53 4068 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-12 12:24:55 0 d-------- C:\Program Files\XoftSpySE
2008-04-06 11:45:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-06 11:45:34 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-03 20:00:22 0 d-------- C:\Documents and Settings\Genesis\Application Data\Logitech
2008-04-03 20:00:04 0 d-------- C:\Documents and Settings\Genesis\Application Data\Identities
2008-04-03 19:59:53 0 d--h----- C:\Documents and Settings\Genesis\Templates
2008-04-03 19:59:53 0 d-------- C:\Documents and Settings\Genesis\Start Menu
2008-04-03 19:59:53 0 d--h----- C:\Documents and Settings\Genesis\SendTo
2008-04-03 19:59:53 0 dr-h----- C:\Documents and Settings\Genesis\Recent
2008-04-03 19:59:53 0 d--h----- C:\Documents and Settings\Genesis\PrintHood
2008-04-03 19:59:53 786432 --ah----- C:\Documents and Settings\Genesis\ntuser.dat
2008-04-03 19:59:53 0 d--h----- C:\Documents and Settings\Genesis\NetHood
2008-04-03 19:59:53 0 dr------- C:\Documents and Settings\Genesis\My Documents
2008-04-03 19:59:53 0 d--h----- C:\Documents and Settings\Genesis\Local Settings
2008-04-03 19:59:53 0 dr------- C:\Documents and Settings\Genesis\Favorites
2008-04-03 19:59:53 0 d-------- C:\Documents and Settings\Genesis\Desktop
2008-04-03 19:59:53 0 d---s---- C:\Documents and Settings\Genesis\Cookies
2008-04-03 19:59:53 0 d--h----- C:\Documents and Settings\Genesis\Application Data
2008-04-03 19:59:53 0 d---s---- C:\Documents and Settings\Genesis\Application Data\Microsoft
2008-04-01 20:14:24 0 d-------- C:\WINDOWS\system32\NtmsData


-- Find3M Report ---------------------------------------------------------------

2008-04-12 09:14:46 0 d-------- C:\Program Files\winvi
2008-04-02 20:53:14 0 d-------- C:\Program Files\Support Tools
2008-03-16 09:43:35 0 d-------- C:\Program Files\BrowsingAdvisor
2008-03-14 18:14:30 0 d-------- C:\Program Files\dbar
2008-03-11 07:21:47 0 d-------- C:\Program Files\Java
2008-03-09 10:37:09 0 d-------- C:\Program Files\LimeWire
2008-03-02 12:18:26 0 d-------- C:\Program Files\PayPal
2008-03-02 12:18:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-02 12:18:01 0 d-------- C:\Documents and Settings\Roger A. Orfila\Application Data\InstallShield
2008-02-23 06:51:51 0 d-------- C:\Program Files\Windows Live
2008-02-23 06:51:19 0 d-------- C:\Program Files\Windows Live Toolbar
2008-02-22 17:59:18 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/19/2005 08:59 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/19/2005 08:59 AM]
"CoolSwitch"="C:\WINDOWS\System32\taskswitch.exe" [03/19/2002 05:30 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"BCMSMMSG"="BCMSMMSG.exe" [08/29/2003 04:59 AM C:\WINDOWS\BCMSMMSG.exe]
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 09:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [08/18/2004 08:00 AM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [08/06/2004 03:50 AM]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [10/07/2003 09:48 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"KEMailKb"="C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE" [08/09/2005 04:27 AM]
"KPDrv4XP"="C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE" [02/21/2005 07:15 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 06:20 PM]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [07/15/2005 05:48 PM]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [07/19/2006 12:03 PM]
"@"="" []
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [07/19/2006 12:03 PM C:\WINDOWS\KHALMNPR.Exe]
"P17Helper"="P17.dll" [05/03/2005 07:38 PM C:\WINDOWS\system32\P17.dll]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [07/13/2006 01:22 PM]
"dbar_starter"="C:\Documents and Settings\Deborah Sotomayor\Application Data\Deskbar_{B42DE625-479D-44f8-BEF0-12D029ED4F46}\starter.exe" []
"Spyhunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [01/23/2008 02:47 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [08/21/2007 11:44 AM]
"ModemOnHold"="C:\PROGRA~1\DELLMO~1\moh.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [11/22/2003 9:13:05 PM]
Event Reminder.lnk - C:\Program Files\Broderbund\PrintMaster\PMremind.exe [1/25/2007 8:28:01 PM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [4/1/2007 11:36:31 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [12/21/2003 8:27:41 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-04-19 09:13:43 ------------

#4 rookie147

rookie147

  • Members
  • 5,321 posts
  • Local time:11:11 AM

Posted 19 April 2008 - 03:33 PM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
As you can probably see our HijackThis Team is incredibly busy at the moment, but I apologise for the delay you have experienced. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:
Preparation Guide For Use Before Posting A HijackThis Log
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#5 orsilr

orsilr
  • Topic Starter

  • Members
  • 18 posts
  • Gender:Male
  • Location:Puerto Rico, USA
  • Local time:05:11 AM

Posted 19 April 2008 - 03:38 PM

Sorry for bumping this topic. This PC is a necessary tool for my wife, who is a teacher and needs it, and I really believe you can help us.

I found Trojan.Vundo, Adrotator.IconAds, ErrorDoctor and Zlob.Trojan.

Installed and ran the full version of SpyHunter. It removed 105 entries of Zlob.Trojan, but the PC still has problems.

Yesterday, I scanned my PC again with Kaspersky and HijackThis.

The Kaspersky log is 4.42MB and was too long to post.

Problems in my PC are:
- Can't boot in "safe mode"
- Can't boot in "normal mode". It says: "no boot device detected".
- Active desktop is locked. I found that uninstalling Adobe Flash Player somehow controls the ads that come up here, but it affects other applications.
- Can't change the desktop.
- Found when defragmenting the disk that it was almost full of fragmented files. Did a search and found the "temp" folder from one of the users full of extremely large files that were downloaded in one day... files that my computer didn't recognize. They showed like images, but the PC couldn't open them. After erasing them, the computer ran better and defragmenting was neater.
- Very slow operation; cleaned cache, disk clean-up and defragment.
- When I ran HijackThis, all the browser windows closed. Also, there was no extra.txt document.


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, April 19, 2008 7:46:32 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/04/2008
Kaspersky Anti-Virus database records: 640226
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 92205
Number of viruses found: 3
Number of infected objects: 8
Number of suspicious objects: 3
Duration of the scan process: 06:30:41

Infected Object Name / Virus Name / Last Action

LOG WAS EXTREMELY HUGE AND COULD NOT POST IT HERE COMPLETELY.



Deckard's System Scanner v20071014.68
Run by Roger A. Orfila on 2008-04-19 09:12:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Roger A. Orfila.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13:08 AM, on 4/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\INCRED~1\bin\ImNotfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Roger A. Orfila\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Roger A. Orfila.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
F2 - REG:system.ini: UserInit=Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
O4 - HKLM\..\Run: [KPDrv4XP] C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\Deborah Sotomayor\Application Data\Deskbar_{B42DE625-479D-44f8-BEF0-12D029ED4F46}\starter.exe
O4 - HKLM\..\Run: [Spyhunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" -minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ModemOnHold] C:\PROGRA~1\DELLMO~1\moh.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxuk100XXPR
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/down...llerControl.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2EBE1406-BE0E-44E6-AE10-247A0C5AEDCF} (McAfee Virtual Technician) - https://mvt.mcafee.com/mvt/cab/mvt9x.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodate/bin/1...pdatePortal.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/36/install/gtdownde.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://samsclubpr.pnimedia.com/upload/acti...upv2.0.0.10.cab?
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O24 - Desktop Component 0: (no name) - http://www.televicentropr.com/images/doppler2.jpg

--
End of file - 11872 bytes

-- Files created between 2008-03-19 and 2008-04-19 -----------------------------

2008-04-19 09:12:51 0 d-------- C:\Program Files\Trend Micro
2008-04-14 13:02:38 0 d-------- C:\Program Files\Enigma Software Group
2008-04-12 14:33:53 4068 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-12 12:24:55 0 d-------- C:\Program Files\XoftSpySE
2008-04-06 11:45:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-06 11:45:34 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-03 20:00:22 0 d-------- C:\Documents and Settings\Genesis\Application Data\Logitech
2008-04-03 20:00:04 0 d-------- C:\Documents and Settings\Genesis\Application Data\Identities
2008-04-03 19:59:53 0 d--h----- C:\Documents and Settings\Genesis\Templates
2008-04-03 19:59:53 0 d-------- C:\Documents and Settings\Genesis\Start Menu
2008-04-03 19:59:53 0 d--h----- C:\Documents and Settings\Genesis\SendTo
2008-04-03 19:59:53 0 dr-h----- C:\Documents and Settings\Genesis\Recent
2008-04-03 19:59:53 0 d--h----- C:\Documents and Settings\Genesis\PrintHood
2008-04-03 19:59:53 786432 --ah----- C:\Documents and Settings\Genesis\ntuser.dat
2008-04-03 19:59:53 0 d--h----- C:\Documents and Settings\Genesis\NetHood
2008-04-03 19:59:53 0 dr------- C:\Documents and Settings\Genesis\My Documents
2008-04-03 19:59:53 0 d--h----- C:\Documents and Settings\Genesis\Local Settings
2008-04-03 19:59:53 0 dr------- C:\Documents and Settings\Genesis\Favorites
2008-04-03 19:59:53 0 d-------- C:\Documents and Settings\Genesis\Desktop
2008-04-03 19:59:53 0 d---s---- C:\Documents and Settings\Genesis\Cookies
2008-04-03 19:59:53 0 d--h----- C:\Documents and Settings\Genesis\Application Data
2008-04-03 19:59:53 0 d---s---- C:\Documents and Settings\Genesis\Application Data\Microsoft
2008-04-01 20:14:24 0 d-------- C:\WINDOWS\system32\NtmsData


-- Find3M Report ---------------------------------------------------------------

2008-04-12 09:14:46 0 d-------- C:\Program Files\winvi
2008-04-02 20:53:14 0 d-------- C:\Program Files\Support Tools
2008-03-16 09:43:35 0 d-------- C:\Program Files\BrowsingAdvisor
2008-03-14 18:14:30 0 d-------- C:\Program Files\dbar
2008-03-11 07:21:47 0 d-------- C:\Program Files\Java
2008-03-09 10:37:09 0 d-------- C:\Program Files\LimeWire
2008-03-02 12:18:26 0 d-------- C:\Program Files\PayPal
2008-03-02 12:18:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-02 12:18:01 0 d-------- C:\Documents and Settings\Roger A. Orfila\Application Data\InstallShield
2008-02-23 06:51:51 0 d-------- C:\Program Files\Windows Live
2008-02-23 06:51:19 0 d-------- C:\Program Files\Windows Live Toolbar
2008-02-22 17:59:18 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/19/2005 08:59 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/19/2005 08:59 AM]
"CoolSwitch"="C:\WINDOWS\System32\taskswitch.exe" [03/19/2002 05:30 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"BCMSMMSG"="BCMSMMSG.exe" [08/29/2003 04:59 AM C:\WINDOWS\BCMSMMSG.exe]
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 09:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [08/18/2004 08:00 AM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [08/06/2004 03:50 AM]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [10/07/2003 09:48 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"KEMailKb"="C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE" [08/09/2005 04:27 AM]
"KPDrv4XP"="C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE" [02/21/2005 07:15 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 06:20 PM]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [07/15/2005 05:48 PM]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [07/19/2006 12:03 PM]
"@"="" []
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [07/19/2006 12:03 PM C:\WINDOWS\KHALMNPR.Exe]
"P17Helper"="P17.dll" [05/03/2005 07:38 PM C:\WINDOWS\system32\P17.dll]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [07/13/2006 01:22 PM]
"dbar_starter"="C:\Documents and Settings\Deborah Sotomayor\Application Data\Deskbar_{B42DE625-479D-44f8-BEF0-12D029ED4F46}\starter.exe" []
"Spyhunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [01/23/2008 02:47 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [08/21/2007 11:44 AM]
"ModemOnHold"="C:\PROGRA~1\DELLMO~1\moh.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [11/22/2003 9:13:05 PM]
Event Reminder.lnk - C:\Program Files\Broderbund\PrintMaster\PMremind.exe [1/25/2007 8:28:01 PM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [4/1/2007 11:36:31 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [12/21/2003 8:27:41 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-04-19 09:13:43 ------------

#6 rookie147

rookie147


Posted 20 April 2008 - 03:39 AM

Download Combofix to your Desktop.
Double-click combofix.exe.
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.

Post that in your next reply with a fresh HijackThis log.

If you are pleased with the service I have offered, you may like to consider making a donation.


#7 orsilr

orsilr
  • Topic Starter


Posted 20 April 2008 - 05:54 AM

Hi, Charles.

Here it is:

ComboFix 08-04-18.3 - Roger A. Orfila 2008-04-20 19:02:48.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.387 [GMT -4:00]
Running from: C:\Documents and Settings\Roger A. Orfila\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 )))))))))))))))))))))))))))))))
.

2067-02-24 15:21 . 2003-02-05 04:02 79,947 --a--c--- C:\WINDOWS\fw20.vxd
2008-04-19 09:12 . 2008-04-19 09:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-19 09:12 . 2008-04-20 08:00 <DIR> d-------- C:\Deckard
2008-04-14 13:02 . 2008-04-14 13:02 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-12 14:33 . 2008-04-12 14:45 4,068 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-12 12:24 . 2008-04-12 12:27 <DIR> d-------- C:\Program Files\XoftSpySE
2008-04-06 11:45 . 2008-04-06 11:45 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-06 11:45 . 2008-04-06 11:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-03 20:00 . 2008-04-03 20:00 <DIR> d-------- C:\Documents and Settings\Genesis\Application Data\Logitech
2008-04-03 19:59 . 2008-04-03 19:59 <DIR> d-------- C:\Documents and Settings\Genesis
2008-04-03 19:59 . 2008-04-20 16:14 1,024 --ah----- C:\Documents and Settings\Genesis\ntuser.dat.LOG
2008-04-01 20:14 . 2008-04-01 20:25 <DIR> d-------- C:\WINDOWS\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-19 16:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-19 15:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-04-03 00:53 --------- d-----w C:\Program Files\Support Tools
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-11 11:21 --------- d-----w C:\Program Files\Java
2008-02-23 10:51 --------- d-----w C:\Program Files\Windows Live
2008-02-22 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-22 21:59 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:32 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2007-07-25 00:18 128,856 -c--a-w C:\Documents and Settings\Roger A. Orfila\Application Data\GDIPFONTCACHEV1.DAT
2007-01-24 22:02 124,056 -c--a-w C:\Documents and Settings\Yoyersito\Application Data\GDIPFONTCACHEV1.DAT
2003-12-07 14:13 9,134,648 -c--a-w C:\Program Files\AdbeRdr60_enu.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-20_ 6.44.55.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-20 10:16:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-20 20:14:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2002-04-11 05:41:06 65,536 ----a-w C:\WINDOWS\system32\A3d.dll
+ 2001-09-19 17:32:26 720,896 ----a-w C:\WINDOWS\system32\a3d.dll
- 2002-04-11 05:41:06 65,536 -c--a-w C:\WINDOWS\system32\dllcache\a3d.dll
+ 2001-09-19 17:32:26 720,896 -c--a-w C:\WINDOWS\system32\dllcache\a3d.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-08-21 11:44 208946]
"ModemOnHold"="C:\PROGRA~1\DELLMO~1\moh.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59 126976]
"CoolSwitch"="C:\WINDOWS\System32\taskswitch.exe" [2002-03-19 17:30 45632]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 08:00 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"KEMailKb"="C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE" [2005-08-09 04:27 401408]
"KPDrv4XP"="C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE" [2005-02-21 07:15 40960]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 12:03 94208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 94208 C:\WINDOWS\KHALMNPR.Exe]
"P17Helper"="P17.dll" [2005-05-03 19:38 64512 C:\WINDOWS\system32\P17.dll]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 13:22 57344]
"dbar_starter"="C:\Documents and Settings\Deborah Sotomayor\Application Data\Deskbar_{B42DE625-479D-44f8-BEF0-12D029ED4F46}\starter.exe" [ ]
"Spyhunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 14:47 847872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 03:56 15360]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 03:56 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-11-22 21:13:05 45056]
Event Reminder.lnk - C:\Program Files\Broderbund\PrintMaster\PMremind.exe [2007-01-25 20:28:01 331776]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-04-01 11:36:31 671744]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2003-12-21 20:27:41 106560]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\IncrediMail\\bin\\ImNotfy.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\upgrade\\upgradeST.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 12:32]
S3 SFC4;SFC4;C:\WINDOWS\system32\drivers\SFC4.sys []
S3 usb2vcom;USB Data Cable;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2006-02-19 00:13]
S3 usbu2a;UsbU2A;C:\WINDOWS\system32\Drivers\usbu2a.sys [2001-08-30 17:14]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-16 16:09:56 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-20 20:18:15 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2006-05-21 14:50:37 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
"2008-04-14 17:46:28 C:\WINDOWS\Tasks\SpyHunter Scanner.job"
- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
"2008-04-12 16:25:01 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 19:05:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
.
Completion time: 2008-04-20 19:10:08
ComboFix-quarantined-files.txt 2008-04-20 23:09:00
ComboFix2.txt 2008-04-20 10:46:29

Pre-Run: 25,327,841,280 bytes free
Post-Run: 25,340,833,792 bytes free

146 --- E O F --- 2008-04-18 21:41:49


Deckard's System Scanner v20071014.68
Run by Roger A. Orfila on 2008-04-20 19:12:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Roger A. Orfila.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:41 PM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Roger A. Orfila\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ROGERA~1.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
O4 - HKLM\..\Run: [KPDrv4XP] C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\Deborah Sotomayor\Application Data\Deskbar_{B42DE625-479D-44f8-BEF0-12D029ED4F46}\starter.exe
O4 - HKLM\..\Run: [Spyhunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" -minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ModemOnHold] C:\PROGRA~1\DELLMO~1\moh.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxuk100XXPR
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/down...llerControl.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2EBE1406-BE0E-44E6-AE10-247A0C5AEDCF} (McAfee Virtual Technician) - https://mvt.mcafee.com/mvt/cab/mvt9x.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodate/bin/1...pdatePortal.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/36/install/gtdownde.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://samsclubpr.pnimedia.com/upload/acti...upv2.0.0.10.cab?
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O24 - Desktop Component 0: (no name) - http://www.televicentropr.com/images/doppler2.jpg

--
End of file - 11437 bytes

-- Files created between 2008-03-20 and 2008-04-20 -----------------------------

2008-04-20 06:35:51 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-20 06:35:50 68096 --a------ C:\WINDOWS\zip.exe
2008-04-20 06:35:50 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-20 06:35:50 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-20 06:35:50 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-20 06:35:50 98816 --a------ C:\WINDOWS\sed.exe
2008-04-20 06:35:50 80412 --a------ C:\WINDOWS\grep.exe
2008-04-20 06:35:50 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-19 09:12:51 0 d-------- C:\Program Files\Trend Micro
2008-04-14 13:02:38 0 d-------- C:\Program Files\Enigma Software Group
2008-04-12 14:33:53 4068 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-12 12:24:55 0 d-------- C:\Program Files\XoftSpySE
2008-04-06 11:45:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-06 11:45:34 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-03 20:00:22 0 d-------- C:\Documents and Settings\Genesis\Application Data\Logitech
2008-04-03 20:00:04 0 d-------- C:\Documents and Settings\Genesis\Application Data\Identities
2008-04-03 19:59:53 0 d--h----- C:\Documents and Settings\Genesis\Templates
2008-04-03 19:59:53 0 d-------- C:\Documents and Settings\Genesis\Start Menu
2008-04-03 19:59:53 0 d--h----- C:\Documents and Settings\Genesis\SendTo
2008-04-03 19:59:53 0 dr-h----- C:\Documents and Settings\Genesis\Recent
2008-04-03 19:59:53 0 d--h----- C:\Documents and Settings\Genesis\PrintHood
2008-04-03 19:59:53 786432 --ah----- C:\Documents and Settings\Genesis\ntuser.dat
2008-04-03 19:59:53 0 d--h----- C:\Documents and Settings\Genesis\NetHood
2008-04-03 19:59:53 0 dr------- C:\Documents and Settings\Genesis\My Documents
2008-04-03 19:59:53 0 d--h----- C:\Documents and Settings\Genesis\Local Settings
2008-04-03 19:59:53 0 dr------- C:\Documents and Settings\Genesis\Favorites
2008-04-03 19:59:53 0 d-------- C:\Documents and Settings\Genesis\Desktop
2008-04-03 19:59:53 0 d---s---- C:\Documents and Settings\Genesis\Cookies
2008-04-03 19:59:53 0 d--h----- C:\Documents and Settings\Genesis\Application Data
2008-04-03 19:59:53 0 d---s---- C:\Documents and Settings\Genesis\Application Data\Microsoft
2008-04-01 20:14:24 0 d-------- C:\WINDOWS\system32\NtmsData


-- Find3M Report ---------------------------------------------------------------

2008-04-19 12:04:16 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-02 20:53:14 0 d-------- C:\Program Files\Support Tools
2008-03-11 07:21:47 0 d-------- C:\Program Files\Java
2008-02-23 06:51:51 0 d-------- C:\Program Files\Windows Live
2008-02-22 17:59:18 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/19/2005 08:59 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/19/2005 08:59 AM]
"CoolSwitch"="C:\WINDOWS\System32\taskswitch.exe" [03/19/2002 05:30 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"BCMSMMSG"="BCMSMMSG.exe" [08/29/2003 04:59 AM C:\WINDOWS\BCMSMMSG.exe]
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 09:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [08/18/2004 08:00 AM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [08/06/2004 03:50 AM]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [10/07/2003 09:48 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"KEMailKb"="C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE" [08/09/2005 04:27 AM]
"KPDrv4XP"="C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE" [02/21/2005 07:15 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 06:20 PM]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [07/19/2006 12:03 PM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [07/19/2006 12:03 PM C:\WINDOWS\KHALMNPR.Exe]
"P17Helper"="P17.dll" [05/03/2005 07:38 PM C:\WINDOWS\system32\P17.dll]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [07/13/2006 01:22 PM]
"dbar_starter"="C:\Documents and Settings\Deborah Sotomayor\Application Data\Deskbar_{B42DE625-479D-44f8-BEF0-12D029ED4F46}\starter.exe" []
"Spyhunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [01/23/2008 02:47 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [08/21/2007 11:44 AM]
"ModemOnHold"="C:\PROGRA~1\DELLMO~1\moh.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [11/22/2003 9:13:05 PM]
Event Reminder.lnk - C:\Program Files\Broderbund\PrintMaster\PMremind.exe [1/25/2007 8:28:01 PM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [4/1/2007 11:36:31 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [12/21/2003 8:27:41 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-04-20 19:13:51 ------------

Edited by orsilr, 20 April 2008 - 06:18 PM.


#8 rookie147
  • Members
  • 5,321 posts
  • Local time:11:11 AM

Posted 22 April 2008 - 02:31 PM

Please visit the online Jotti Virus Scanner
Click on the Browse button.
Copy and paste the following filepath in the box:

C:\WINDOWS\fw20.vxd

Click on the Open button.
The scanner will check the file with various AV companies.
Copy and paste the results box into a reply to this thread.

If you are pleased with the service I have offered, you may like to consider making a donation.


#9 orsilr
  • Topic Starter
  • Members
  • 18 posts
  • Gender:Male
  • Location:Puerto Rico, USA
  • Local time:05:11 AM

Posted 22 April 2008 - 06:42 PM

Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1



File to upload & scan:



Service
Service load: 0% 100%

File: fw20.vxd
Status: OK
MD5: fdccfcb07a5ef1b4da039834b07e5fe7
Packers detected: -
Bit9 reports: No threat detected (more info)



Scanner results
Scan taken on 22 Apr 2008 23:37:13 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Edited by orsilr, 22 April 2008 - 07:23 PM.


#10 rookie147
  • Members
  • 5,321 posts
  • Local time:11:11 AM

Posted 28 April 2008 - 03:15 AM

I'm sorry about the delay; I've been having lots of problems with my internet recently, but it should be sorted out now.
Since it's been a little while, can you run a new scan with Combofix for me?
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#11 orsilr
  • Topic Starter
  • Members
  • 18 posts
  • Gender:Male
  • Location:Puerto Rico, USA
  • Local time:05:11 AM

Posted 29 April 2008 - 06:34 PM

Here it is:

ComboFix 08-04-18.3 - Roger A. Orfila 2008-04-29 19:08:03.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.434 [GMT -4:00]
Running from: C:\Documents and Settings\Roger A. Orfila\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))))
.

2067-02-24 15:21 . 2003-02-05 04:02 79,947 --a--c--- C:\WINDOWS\fw20.vxd
2008-04-27 13:09 . 2008-04-27 13:18 <DIR> d-------- C:\Program Files\RegCure
2008-04-26 11:00 . 2008-04-26 11:00 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Acronis
2008-04-26 10:44 . 2008-04-26 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Acronis
2008-04-26 10:44 . 2008-04-26 10:44 441,760 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2008-04-26 10:44 . 2008-04-26 10:44 129,248 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2008-04-26 10:44 . 2008-04-26 10:44 44,384 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-04-26 10:43 . 2008-04-26 10:43 368,544 --a------ C:\WINDOWS\system32\drivers\tdrpman.sys
2008-04-26 10:42 . 2008-04-26 10:43 <DIR> d-------- C:\Program Files\Common Files\Acronis
2008-04-26 10:42 . 2008-04-26 10:42 <DIR> d-------- C:\Program Files\Acronis
2008-04-19 09:12 . 2008-04-19 09:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-19 09:12 . 2008-04-20 08:00 <DIR> d-------- C:\Deckard
2008-04-14 13:02 . 2008-04-14 13:02 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-12 14:33 . 2008-04-12 14:45 4,068 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-12 12:24 . 2008-04-12 12:27 <DIR> d-------- C:\Program Files\XoftSpySE
2008-04-06 11:45 . 2008-04-06 11:45 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-06 11:45 . 2008-04-06 11:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-03 20:00 . 2008-04-03 20:00 <DIR> d-------- C:\Documents and Settings\Genesis\Application Data\Logitech
2008-04-03 19:59 . 2008-04-03 19:59 <DIR> d-------- C:\Documents and Settings\Genesis
2008-04-03 19:59 . 2008-04-29 19:17 1,024 --ah----- C:\Documents and Settings\Genesis\ntuser.dat.LOG
2008-04-01 20:14 . 2008-04-01 20:25 <DIR> d-------- C:\WINDOWS\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 17:24 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-19 16:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-19 15:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-04-03 00:53 --------- d-----w C:\Program Files\Support Tools
2008-03-11 11:21 --------- d-----w C:\Program Files\Java
2007-07-25 00:18 128,856 -c--a-w C:\Documents and Settings\Roger A. Orfila\Application Data\GDIPFONTCACHEV1.DAT
2007-01-24 22:02 124,056 -c--a-w C:\Documents and Settings\Yoyersito\Application Data\GDIPFONTCACHEV1.DAT
2003-12-07 14:13 9,134,648 -c--a-w C:\Program Files\AdbeRdr60_enu.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-08-21 11:44 208946]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59 126976]
"CoolSwitch"="C:\WINDOWS\System32\taskswitch.exe" [2002-03-19 17:30 45632]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 08:00 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"KEMailKb"="C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE" [2005-08-09 04:27 401408]
"KPDrv4XP"="C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE" [2005-02-21 07:15 40960]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 12:03 94208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 94208 C:\WINDOWS\KHALMNPR.Exe]
"P17Helper"="P17.dll" [2005-05-03 19:38 64512 C:\WINDOWS\system32\P17.dll]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 13:22 57344]
"Spyhunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 14:47 847872]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 20:06 2595616]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-30 20:11 909208]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-30 20:07 140568]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 03:56 15360]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 03:56 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-11-22 21:13:05 45056]
Event Reminder.lnk - C:\Program Files\Broderbund\PrintMaster\PMremind.exe [2007-01-25 20:28:01 331776]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-04-01 11:36:31 671744]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2003-12-21 20:27:41 106560]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\IncrediMail\\bin\\ImNotfy.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\upgrade\\upgradeST.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-04-26 10:43]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 12:32]
R2 TryAndDecideService;Acronis Try And Decide Service;"C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe" [2007-10-30 20:51]
S3 SFC4;SFC4;C:\WINDOWS\system32\drivers\SFC4.sys []
S3 usb2vcom;USB Data Cable;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2006-02-19 00:13]
S3 usbu2a;UsbU2A;C:\WINDOWS\system32\Drivers\usbu2a.sys [2001-08-30 17:14]

*Newly Created Service* - ENTDRV51
.
Contents of the 'Scheduled Tasks' folder
"2008-04-16 16:09:56 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-29 23:21:43 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-04-29 23:19:05 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-04-27 17:09:52 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2006-05-21 14:50:37 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
"2008-04-14 17:46:28 C:\WINDOWS\Tasks\SpyHunter Scanner.job"
- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
"2008-04-12 16:25:01 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 19:20:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\PROGRA~1\WinZip\WZQKPICK.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
.
**************************************************************************
.
Completion time: 2008-04-29 19:30:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-29 23:30:22
ComboFix2.txt 2008-04-21 12:55:11
ComboFix3.txt 2008-04-20 23:10:09
ComboFix4.txt 2008-04-20 10:46:29

Pre-Run: 24,878,518,272 bytes free
Post-Run: 24,813,297,664 bytes free

166 --- E O F --- 2008-04-26 12:24:50

#12 rookie147
  • Members
  • 5,321 posts
  • Local time:11:11 AM

Posted 02 May 2008 - 02:54 AM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

If you are pleased with the service I have offered, you may like to consider making a donation.


#13 orsilr
  • Topic Starter
  • Members
  • 18 posts
  • Gender:Male
  • Location:Puerto Rico, USA
  • Local time:05:11 AM

Posted 02 May 2008 - 07:44 PM

Hi, here it is:

Malwarebytes' Anti-Malware 1.11
Database version: 709

Scan type: Quick Scan
Objects scanned: 42964
Time elapsed: 34 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#14 rookie147
  • Members
  • 5,321 posts
  • Local time:11:11 AM

Posted 03 May 2008 - 03:04 PM

How do things seem to be running now?

If you are pleased with the service I have offered, you may like to consider making a donation.


#15 orsilr
  • Topic Starter
  • Members
  • 18 posts
  • Gender:Male
  • Location:Puerto Rico, USA
  • Local time:05:11 AM

Posted 03 May 2008 - 08:30 PM

GREAT! Even the desktop is unlocked!

The PC looks clean, but it is running extremely slowly and I'm still booting manually, because it is not recognizing a bootable device when starting. If it is not malware or a virus, I think the operating system needs a repair. Any ideas?



