Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91636 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed] "Warning! Spyware has been detected on your com


  • This topic is locked This topic is locked
8 replies to this topic

#1 LWA says

LWA says

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 01 June 2008 - 01:48 PM

Help! My background wallpaper is a big blue and yellow screen that says "Warning! Spyware has been detected on your computer!" and error messages popping up in the corner telling me to download spyware software and do a full scan of my system. I can't stay connected to the internet, and the system is running very slowly. I had to save HJT to a thumb drive and install it in safe mode, that was the only way I could run the scan. See HJT log below:

Logfile of HijackThis v1.99.1
Scan saved at 15:24: VIRUS ALERT!, on 6/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\vbpdtvdp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\spools.exe
E:\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearc...ce.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=64646
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Leslie\cftmon.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [58b10301] rundll32.exe "C:\WINDOWS\system32\bxrlxkyy.dll",b
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\Leslie\LOCALS~1\Temp\rbnpsrv.exe/r
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Leslie\cftmon.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Leslie\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\Leslie\Application Data\Microsoft\dtsc\21865.exe
O4 - HKCU\..\Run: [WintelUpdate] C:\d.exe
O4 - HKCU\..\Run: [run] regsvr32.exe /s "C:\Documents and Settings\LocalService\Application Data\sp1\luapvs.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O4 - Global Startup: Uninstall NETGEAR WG111 Smart Wizard.lnk = C:\Program Files\InstallShield Installation Information\{21B9CC18-8AB7-402F-B343-CD2127FC3CFC}\Setup.exe
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1155843790551
O20 - AppInit_DLLs: interceptor.dll
O21 - SSODL: vltdfabw - {A0DA5DFF-F800-4AD8-B17E-500CD2AA5AB4} - C:\WINDOWS\vltdfabw.dll
O21 - SSODL: vregfwlx - {0F072623-CD21-442F-8B15-C7342FD765D7} - C:\WINDOWS\vregfwlx.dll
O21 - SSODL: KernelDrv - {f8679881-5520-4bb4-944e-be7d2fe81409} - C:\WINDOWS\Resources\KernelDrv.dll
O21 - SSODL: WinSDRAM - {d634e39b-b531-46d1-a18a-4d8619891d45} - C:\WINDOWS\Resources\WinSDRAM.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    Advertisements

Register to Remove


#2 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 02 June 2008 - 06:32 AM

Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.




Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3 LWA says

LWA says

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 02 June 2008 - 07:50 AM

I have a question about the instructions. After running the cleanup process with SDFix, when prompted to press any key to reboot my computer, should I restart it in safe mode?

#4 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 02 June 2008 - 08:38 AM

Nope you can start it in Normal Mode

#5 LWA says

LWA says

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 02 June 2008 - 10:12 PM

Results from SDFix scan:

Deckard's System Scanner v20071014.68
Run by Leslie on 2008-06-02 23:58:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-06-03 03:58:10 UTC - RP611 - Deckard's System Scanner Restore Point
2: 2008-05-27 02:13:39 UTC - RP610 - Last known good configuration
1: 2008-05-27 02:13:33 UTC - RP609 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Leslie.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 23:59:42, on 6/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\vbpdtvdp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\Documents and Settings\Leslie\Application Data\Microsoft\dtsc\21865.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SpyCatcher 2006\Fingerprint compiler.exe
E:\dss.exe
E:\HIJACK~1\Leslie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=64646
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2CD7191C-B938-465E-8D1F-B81A0F9A178B} - C:\WINDOWS\system32\mlJCSkih.dll
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [58b10301] rundll32.exe "C:\WINDOWS\system32\lekuohcy.dll",b
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\Leslie\Application Data\Microsoft\dtsc\21865.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O4 - Global Startup: Uninstall NETGEAR WG111 Smart Wizard.lnk = C:\Program Files\InstallShield Installation Information\{21B9CC18-8AB7-402F-B343-CD2127FC3CFC}\Setup.exe
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1155843790551
O20 - AppInit_DLLs: interceptor.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 catchme - c:\docume~1\leslie\locals~1\temp\catchme.sys (file missing)
R3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R4 jot04 - c:\windows\system32\drivers\jot04.sys (file missing)

S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 wg111nd5 (NETGEAR WG111 802.11g Wireless USB Adapter Driver) - c:\windows\system32\drivers\wg111nd5.sys <Not Verified; NETGEAR, Inc.; NETGEAR 802.11g Wireless LAN>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NETGEAR WG111 802.11g Wireless USB2.0 Adapter
Device ID: USB\VID_0846&PID_4240\3887-0000
Manufacturer: NETGEAR, Inc.
Name: NETGEAR WG111 802.11g Wireless USB2.0 Adapter
PNP Device ID: USB\VID_0846&PID_4240\3887-0000
Service: wg111nd5

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-05-20 07:25:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-02 and 2008-06-02 -----------------------------

2008-06-02 23:56:42 95232 --a------ C:\WINDOWS\system32\lekuohcy.dll
2008-06-02 23:40:00 24320 --a------ C:\WINDOWS\y.exe
2008-06-02 23:39:59 30464 --a------ C:\WINDOWS\xplugin.dll
2008-06-02 23:39:59 10752 --a------ C:\WINDOWS\x.exe
2008-06-02 23:39:59 14336 --a------ C:\WINDOWS\winmgnt.exe
2008-06-02 23:39:59 32768 --a------ C:\WINDOWS\window.exe
2008-06-02 23:39:58 10752 --a------ C:\WINDOWS\winajbm.dll
2008-06-02 23:39:58 18944 --a------ C:\WINDOWS\win64.exe
2008-06-02 23:39:58 21760 --a------ C:\WINDOWS\win32e.exe
2008-06-02 23:39:58 29952 --a------ C:\WINDOWS\waol.exe
2008-06-02 23:39:57 32000 --a------ C:\WINDOWS\users32.exe
2008-06-02 23:39:57 26624 --a------ C:\WINDOWS\time.exe
2008-06-02 23:39:57 19456 --a------ C:\WINDOWS\systemcritical.exe
2008-06-02 23:39:56 17152 --a------ C:\WINDOWS\systeem.exe
2008-06-02 23:39:56 26880 --a------ C:\WINDOWS\svcinit.exe
2008-06-02 23:39:56 16640 --a------ C:\WINDOWS\svchost32.exe
2008-06-02 23:39:56 11776 --a------ C:\WINDOWS\sistem.exe
2008-06-02 23:39:56 19456 --a------ C:\WINDOWS\searchword.dll
2008-06-02 23:39:56 8960 --a------ C:\WINDOWS\rundll16.exe
2008-06-02 23:39:56 31744 --a------ C:\WINDOWS\quicken.exe
2008-06-02 23:39:55 32512 --a------ C:\WINDOWS\qttasks.exe
2008-06-02 23:39:55 19200 --a------ C:\WINDOWS\olehelp.exe
2008-06-02 23:39:54 19712 --a------ C:\WINDOWS\notepad32.exe
2008-06-02 23:39:54 24576 --a------ C:\WINDOWS\mtwirl32.dll
2008-06-02 23:39:54 9216 --a------ C:\WINDOWS\mswsc20.dll
2008-06-02 23:39:54 15104 --a------ C:\WINDOWS\mswsc10.dll
2008-06-02 23:39:54 26624 --a------ C:\WINDOWS\msupdate.exe
2008-06-02 23:39:54 30976 --a------ C:\WINDOWS\mssys.exe
2008-06-02 23:39:53 14080 --a------ C:\WINDOWS\msspi.dll
2008-06-02 23:39:53 25600 --a------ C:\WINDOWS\msconfd.dll
2008-06-02 23:39:53 10496 --a------ C:\WINDOWS\loader.exe
2008-06-02 23:39:53 32256 --a------ C:\WINDOWS\internet.exe
2008-06-02 23:39:52 16896 --a------ C:\WINDOWS\inetinf.exe
2008-06-02 23:39:52 26624 --a------ C:\WINDOWS\iexplorer.exe
2008-06-02 23:39:52 9472 --a------ C:\WINDOWS\iedll.exe
2008-06-02 23:39:52 18944 --a------ C:\WINDOWS\helpcvs.exe
2008-06-02 23:39:52 23808 --a------ C:\WINDOWS\gfmnaaa.dll
2008-06-02 23:39:51 14336 --a------ C:\WINDOWS\funny.exe
2008-06-02 23:39:51 25600 --a------ C:\WINDOWS\funniest.exe
2008-06-02 23:39:51 31232 --a------ C:\WINDOWS\explorer32.exe
2008-06-02 23:39:50 28416 --a------ C:\WINDOWS\explore.exe
2008-06-02 23:39:50 27904 --a------ C:\WINDOWS\editpad.exe
2008-06-02 23:39:50 29952 --a------ C:\WINDOWS\dnsrelay.dll
2008-06-02 23:39:49 22272 --a------ C:\WINDOWS\directx32.exe
2008-06-02 23:39:49 15872 --a------ C:\WINDOWS\ctrlpan.dll
2008-06-02 23:39:49 18944 --a------ C:\WINDOWS\ctfmon32.exe
2008-06-02 23:39:49 21760 --a------ C:\WINDOWS\cpan.dll
2008-06-02 23:39:49 17664 --a------ C:\WINDOWS\clrssn.exe
2008-06-02 23:39:49 26624 --a------ C:\WINDOWS\avpcc.dll
2008-06-02 23:39:48 27904 --a------ C:\WINDOWS\accesss.exe
2008-06-02 21:16:47 0 d-------- C:\WINDOWS\ERUNT
2008-06-01 14:49:15 33408 --a------ C:\WINDOWS\system32\tuvWqRLe.dll
2008-06-01 14:47:31 94208 --a------ C:\WINDOWS\evmk.exe
2008-06-01 14:45:38 95232 -----n--- C:\WINDOWS\system32\bxrlxkyy.dll
2008-06-01 14:43:23 0 d-------- C:\Documents and Settings\Leslie\Application Data\TmpRecentIcons
2008-06-01 14:41:31 0 d-------- C:\Documents and Settings\Leslie\Application Data\Tenebril
2008-05-26 22:57:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2008-05-26 22:57:23 0 d-------- C:\WINDOWS\system32\tenarchlib
2008-05-26 22:57:23 176128 --a-s---- C:\WINDOWS\system32\Interceptor.dll <Not Verified; Tenebril Inc.; Interceptor DLL>
2008-05-26 22:57:23 307200 --a-s---- C:\WINDOWS\system32\InterceptHelper.dll <Not Verified; Tenebril Inc.; InterceptHelper DLL>
2008-05-26 22:57:23 180224 --a-s---- C:\WINDOWS\system32\archlib.dll <Not Verified; Tenebril Incorporated; Tenebril architecture technology>
2008-05-26 22:57:22 0 d-------- C:\Program Files\SpyCatcher 2006
2008-05-26 22:13:22 378747 --ahs---- C:\WINDOWS\system32\hikSCJlm.ini2
2008-05-26 22:13:20 318848 --a------ C:\WINDOWS\system32\mlJCSkih.dll
2008-05-26 21:45:25 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-26 21:44:48 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-26 21:44:31 0 d-------- C:\Documents and Settings\LocalService\Application Data\sp1
2008-05-26 21:44:29 0 d-------- C:\WINDOWS\system32\vd2
2008-05-26 21:44:29 0 d-------- C:\WINDOWS\system32\rev3
2008-05-26 21:44:29 0 d-------- C:\WINDOWS\system32\bTMP
2008-05-26 21:44:29 0 d-------- C:\WINDOWS\system32\acom1
2008-05-26 21:44:29 0 d-------- C:\WINDOWS\system32\1026c
2008-05-26 21:43:30 0 d-------- C:\Temp
2008-05-26 21:43:10 36352 --a------ C:\WINDOWS\system32\ssqNFYRk.dll
2008-05-26 21:42:13 316 --a------ C:\1487995822
2008-05-26 21:41:42 0 d-------- C:\Documents and Settings\LocalService\Application Data\VOL_TOOLBAR
2008-05-26 21:41:37 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-26 21:41:22 0 d-------- C:\Program Files\webHancer
2008-05-26 21:41:15 93696 --a------ C:\WINDOWS\system32\ntpl.bin
2008-05-26 21:41:11 93696 --a------ C:\sdjvxa.exe
2008-05-26 21:41:07 87513 --a------ C:\WINDOWS\system32\vbpdtvdp.exe <Not Verified; Microsoft; XML Media>
2008-05-26 21:41:07 87513 --a------ C:\WINDOWS\lfn.exe <Not Verified; Microsoft; XML Media>
2008-05-26 21:41:07 13312 --a------ C:\oxgm.exe
2008-05-26 21:41:06 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
2008-05-26 21:41:06 72192 --a------ C:\nayqmk.exe
2008-05-22 03:00:29 0 d-------- C:\Program Files\MSXML 6.0
2008-05-20 22:05:52 256 --a------ C:\WINDOWS\system32\pool.bin
2008-05-20 22:05:51 0 d-------- C:\Documents and Settings\Leslie\Application Data\Research In Motion
2008-05-20 20:55:09 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-20 20:55:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-05-20 20:49:11 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-05-20 20:49:09 0 d-------- C:\Program Files\Roxio
2008-05-20 20:49:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-05-20 20:48:57 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-05-20 20:35:17 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-05-20 20:35:11 0 d-------- C:\Program Files\Research In Motion
2008-05-20 20:23:11 0 d--hs---- C:\WINDOWS\ftpcache
2008-05-20 18:37:52 3532 --a------ C:\drmHeader.bin
2008-05-13 22:44:31 0 d-------- C:\Program Files\QuickTime
2008-05-12 21:53:16 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-12 21:50:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-12 21:50:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-12 21:50:08 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-12 21:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-05-12 21:50:08 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-05-12 21:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-05-12 21:50:06 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-05-12 21:49:02 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-05 08:04:40 273 --a-----t C:\Documents and Settings\Leslie\Л
2008-05-03 12:18:37 0 d-------- C:\Program Files\MSECache


-- Find3M Report ---------------------------------------------------------------

2008-06-02 23:58:10 0 d-------- C:\Documents and Settings\Leslie\Application Data\uTorrent
2008-06-01 14:50:08 0 d-------- C:\Documents and Settings\Leslie\Application Data\vol_toolbar
2008-05-26 22:52:21 0 d-------- C:\Documents and Settings\Leslie\Application Data\AVG7
2008-05-20 20:49:11 0 d-------- C:\Program Files\Common Files
2008-05-20 20:49:09 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-20 18:40:51 0 d-------- C:\Program Files\DivX
2008-05-13 22:46:15 0 d-------- C:\Program Files\iTunes
2008-05-13 22:46:04 0 d-------- C:\Program Files\iPod
2008-05-13 22:39:45 0 d-------- C:\Program Files\Apple Software Update
2008-04-20 17:52:03 0 d-------- C:\Documents and Settings\Leslie\Application Data\Adobe
2008-04-12 00:15:08 0 d-------- C:\Documents and Settings\Leslie\Application Data\Move Networks
2008-04-11 22:32:20 0 d-------- C:\Program Files\Java


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2CD7191C-B938-465E-8D1F-B81A0F9A178B}]
05/26/2008 22:13 318848 --a------ C:\WINDOWS\system32\mlJCSkih.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0}]
10/11/2007 13:49 159744 --a------ C:\Program Files\webHancer\programs\whiehlpr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22}"= C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL [05/25/2007 09:15 1904128]

[-HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22}]
[HKEY_CLASSES_ROOT\vol_toolbar.VOL_TOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"webHancer Agent"="C:\Program Files\webHancer\Programs\whagent.exe" [05/05/2008 08:52]
"SpyCatcher Reminder"="C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" [06/18/2005 11:19]
"58b10301"="C:\WINDOWS\system32\lekuohcy.dll" [06/02/2008 23:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Windows Installer"="C:\Documents and Settings\Leslie\Application Data\Microsoft\dtsc\21865.exe" [05/26/2008 21:43]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56]

C:\Documents and Settings\Leslie\Start Menu\Programs\Startup\
Scheduler.lnk - C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe [5/26/2008 10:57:26 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak EasyShare software\bin\EasyShare.exe [11/4/2005 3:04:48 PM]
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [6/29/2007 4:38:43 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]
NETGEAR WG111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe [9/8/2006 3:47:36 PM]
Smart Wizard Wireless Settings.lnk - C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe [9/8/2006 3:47:36 PM]
SpyCatcher Protector.lnk - C:\Program Files\SpyCatcher 2006\Protector.exe [5/26/2008 10:57:26 PM]
Uninstall NETGEAR WG111 Smart Wizard.lnk - C:\Program Files\InstallShield Installation Information\{21B9CC18-8AB7-402F-B343-CD2127FC3CFC}\Setup.exe [9/8/2006 3:47:16 PM]
VPN Client.lnk - C:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [9/11/2006 8:42:03 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogoff"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=interceptor.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mlJCSkih

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jot04.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-06-03 00:01:21 ------------







Results from DSS scan main:

Deckard's System Scanner v20071014.68
Run by Leslie on 2008-06-02 23:58:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-06-03 03:58:10 UTC - RP611 - Deckard's System Scanner Restore Point
2: 2008-05-27 02:13:39 UTC - RP610 - Last known good configuration
1: 2008-05-27 02:13:33 UTC - RP609 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Leslie.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 23:59:42, on 6/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\vbpdtvdp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\Documents and Settings\Leslie\Application Data\Microsoft\dtsc\21865.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SpyCatcher 2006\Fingerprint compiler.exe
E:\dss.exe
E:\HIJACK~1\Leslie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=64646
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2CD7191C-B938-465E-8D1F-B81A0F9A178B} - C:\WINDOWS\system32\mlJCSkih.dll
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [58b10301] rundll32.exe "C:\WINDOWS\system32\lekuohcy.dll",b
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\Leslie\Application Data\Microsoft\dtsc\21865.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O4 - Global Startup: Uninstall NETGEAR WG111 Smart Wizard.lnk = C:\Program Files\InstallShield Installation Information\{21B9CC18-8AB7-402F-B343-CD2127FC3CFC}\Setup.exe
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1155843790551
O20 - AppInit_DLLs: interceptor.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 catchme - c:\docume~1\leslie\locals~1\temp\catchme.sys (file missing)
R3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R4 jot04 - c:\windows\system32\drivers\jot04.sys (file missing)

S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 wg111nd5 (NETGEAR WG111 802.11g Wireless USB Adapter Driver) - c:\windows\system32\drivers\wg111nd5.sys <Not Verified; NETGEAR, Inc.; NETGEAR 802.11g Wireless LAN>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NETGEAR WG111 802.11g Wireless USB2.0 Adapter
Device ID: USB\VID_0846&PID_4240\3887-0000
Manufacturer: NETGEAR, Inc.
Name: NETGEAR WG111 802.11g Wireless USB2.0 Adapter
PNP Device ID: USB\VID_0846&PID_4240\3887-0000
Service: wg111nd5

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-05-20 07:25:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-02 and 2008-06-02 -----------------------------

2008-06-02 23:56:42 95232 --a------ C:\WINDOWS\system32\lekuohcy.dll
2008-06-02 23:40:00 24320 --a------ C:\WINDOWS\y.exe
2008-06-02 23:39:59 30464 --a------ C:\WINDOWS\xplugin.dll
2008-06-02 23:39:59 10752 --a------ C:\WINDOWS\x.exe
2008-06-02 23:39:59 14336 --a------ C:\WINDOWS\winmgnt.exe
2008-06-02 23:39:59 32768 --a------ C:\WINDOWS\window.exe
2008-06-02 23:39:58 10752 --a------ C:\WINDOWS\winajbm.dll
2008-06-02 23:39:58 18944 --a------ C:\WINDOWS\win64.exe
2008-06-02 23:39:58 21760 --a------ C:\WINDOWS\win32e.exe
2008-06-02 23:39:58 29952 --a------ C:\WINDOWS\waol.exe
2008-06-02 23:39:57 32000 --a------ C:\WINDOWS\users32.exe
2008-06-02 23:39:57 26624 --a------ C:\WINDOWS\time.exe
2008-06-02 23:39:57 19456 --a------ C:\WINDOWS\systemcritical.exe
2008-06-02 23:39:56 17152 --a------ C:\WINDOWS\systeem.exe
2008-06-02 23:39:56 26880 --a------ C:\WINDOWS\svcinit.exe
2008-06-02 23:39:56 16640 --a------ C:\WINDOWS\svchost32.exe
2008-06-02 23:39:56 11776 --a------ C:\WINDOWS\sistem.exe
2008-06-02 23:39:56 19456 --a------ C:\WINDOWS\searchword.dll
2008-06-02 23:39:56 8960 --a------ C:\WINDOWS\rundll16.exe
2008-06-02 23:39:56 31744 --a------ C:\WINDOWS\quicken.exe
2008-06-02 23:39:55 32512 --a------ C:\WINDOWS\qttasks.exe
2008-06-02 23:39:55 19200 --a------ C:\WINDOWS\olehelp.exe
2008-06-02 23:39:54 19712 --a------ C:\WINDOWS\notepad32.exe
2008-06-02 23:39:54 24576 --a------ C:\WINDOWS\mtwirl32.dll
2008-06-02 23:39:54 9216 --a------ C:\WINDOWS\mswsc20.dll
2008-06-02 23:39:54 15104 --a------ C:\WINDOWS\mswsc10.dll
2008-06-02 23:39:54 26624 --a------ C:\WINDOWS\msupdate.exe
2008-06-02 23:39:54 30976 --a------ C:\WINDOWS\mssys.exe
2008-06-02 23:39:53 14080 --a------ C:\WINDOWS\msspi.dll
2008-06-02 23:39:53 25600 --a------ C:\WINDOWS\msconfd.dll
2008-06-02 23:39:53 10496 --a------ C:\WINDOWS\loader.exe
2008-06-02 23:39:53 32256 --a------ C:\WINDOWS\internet.exe
2008-06-02 23:39:52 16896 --a------ C:\WINDOWS\inetinf.exe
2008-06-02 23:39:52 26624 --a------ C:\WINDOWS\iexplorer.exe
2008-06-02 23:39:52 9472 --a------ C:\WINDOWS\iedll.exe
2008-06-02 23:39:52 18944 --a------ C:\WINDOWS\helpcvs.exe
2008-06-02 23:39:52 23808 --a------ C:\WINDOWS\gfmnaaa.dll
2008-06-02 23:39:51 14336 --a------ C:\WINDOWS\funny.exe
2008-06-02 23:39:51 25600 --a------ C:\WINDOWS\funniest.exe
2008-06-02 23:39:51 31232 --a------ C:\WINDOWS\explorer32.exe
2008-06-02 23:39:50 28416 --a------ C:\WINDOWS\explore.exe
2008-06-02 23:39:50 27904 --a------ C:\WINDOWS\editpad.exe
2008-06-02 23:39:50 29952 --a------ C:\WINDOWS\dnsrelay.dll
2008-06-02 23:39:49 22272 --a------ C:\WINDOWS\directx32.exe
2008-06-02 23:39:49 15872 --a------ C:\WINDOWS\ctrlpan.dll
2008-06-02 23:39:49 18944 --a------ C:\WINDOWS\ctfmon32.exe
2008-06-02 23:39:49 21760 --a------ C:\WINDOWS\cpan.dll
2008-06-02 23:39:49 17664 --a------ C:\WINDOWS\clrssn.exe
2008-06-02 23:39:49 26624 --a------ C:\WINDOWS\avpcc.dll
2008-06-02 23:39:48 27904 --a------ C:\WINDOWS\accesss.exe
2008-06-02 21:16:47 0 d-------- C:\WINDOWS\ERUNT
2008-06-01 14:49:15 33408 --a------ C:\WINDOWS\system32\tuvWqRLe.dll
2008-06-01 14:47:31 94208 --a------ C:\WINDOWS\evmk.exe
2008-06-01 14:45:38 95232 -----n--- C:\WINDOWS\system32\bxrlxkyy.dll
2008-06-01 14:43:23 0 d-------- C:\Documents and Settings\Leslie\Application Data\TmpRecentIcons
2008-06-01 14:41:31 0 d-------- C:\Documents and Settings\Leslie\Application Data\Tenebril
2008-05-26 22:57:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2008-05-26 22:57:23 0 d-------- C:\WINDOWS\system32\tenarchlib
2008-05-26 22:57:23 176128 --a-s---- C:\WINDOWS\system32\Interceptor.dll <Not Verified; Tenebril Inc.; Interceptor DLL>
2008-05-26 22:57:23 307200 --a-s---- C:\WINDOWS\system32\InterceptHelper.dll <Not Verified; Tenebril Inc.; InterceptHelper DLL>
2008-05-26 22:57:23 180224 --a-s---- C:\WINDOWS\system32\archlib.dll <Not Verified; Tenebril Incorporated; Tenebril architecture technology>
2008-05-26 22:57:22 0 d-------- C:\Program Files\SpyCatcher 2006
2008-05-26 22:13:22 378747 --ahs---- C:\WINDOWS\system32\hikSCJlm.ini2
2008-05-26 22:13:20 318848 --a------ C:\WINDOWS\system32\mlJCSkih.dll
2008-05-26 21:45:25 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-26 21:44:48 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-26 21:44:31 0 d-------- C:\Documents and Settings\LocalService\Application Data\sp1
2008-05-26 21:44:29 0 d-------- C:\WINDOWS\system32\vd2
2008-05-26 21:44:29 0 d-------- C:\WINDOWS\system32\rev3
2008-05-26 21:44:29 0 d-------- C:\WINDOWS\system32\bTMP
2008-05-26 21:44:29 0 d-------- C:\WINDOWS\system32\acom1
2008-05-26 21:44:29 0 d-------- C:\WINDOWS\system32\1026c
2008-05-26 21:43:30 0 d-------- C:\Temp
2008-05-26 21:43:10 36352 --a------ C:\WINDOWS\system32\ssqNFYRk.dll
2008-05-26 21:42:13 316 --a------ C:\1487995822
2008-05-26 21:41:42 0 d-------- C:\Documents and Settings\LocalService\Application Data\VOL_TOOLBAR
2008-05-26 21:41:37 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-26 21:41:22 0 d-------- C:\Program Files\webHancer
2008-05-26 21:41:15 93696 --a------ C:\WINDOWS\system32\ntpl.bin
2008-05-26 21:41:11 93696 --a------ C:\sdjvxa.exe
2008-05-26 21:41:07 87513 --a------ C:\WINDOWS\system32\vbpdtvdp.exe <Not Verified; Microsoft; XML Media>
2008-05-26 21:41:07 87513 --a------ C:\WINDOWS\lfn.exe <Not Verified; Microsoft; XML Media>
2008-05-26 21:41:07 13312 --a------ C:\oxgm.exe
2008-05-26 21:41:06 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
2008-05-26 21:41:06 72192 --a------ C:\nayqmk.exe
2008-05-22 03:00:29 0 d-------- C:\Program Files\MSXML 6.0
2008-05-20 22:05:52 256 --a------ C:\WINDOWS\system32\pool.bin
2008-05-20 22:05:51 0 d-------- C:\Documents and Settings\Leslie\Application Data\Research In Motion
2008-05-20 20:55:09 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-20 20:55:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-05-20 20:49:11 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-05-20 20:49:09 0 d-------- C:\Program Files\Roxio
2008-05-20 20:49:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-05-20 20:48:57 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-05-20 20:35:17 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-05-20 20:35:11 0 d-------- C:\Program Files\Research In Motion
2008-05-20 20:23:11 0 d--hs---- C:\WINDOWS\ftpcache
2008-05-20 18:37:52 3532 --a------ C:\drmHeader.bin
2008-05-13 22:44:31 0 d-------- C:\Program Files\QuickTime
2008-05-12 21:53:16 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-12 21:50:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-12 21:50:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-12 21:50:08 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-12 21:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-05-12 21:50:08 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-05-12 21:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-05-12 21:50:06 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-05-12 21:49:02 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-05 08:04:40 273 --a-----t C:\Documents and Settings\Leslie\Л
2008-05-03 12:18:37 0 d-------- C:\Program Files\MSECache


-- Find3M Report ---------------------------------------------------------------

2008-06-02 23:58:10 0 d-------- C:\Documents and Settings\Leslie\Application Data\uTorrent
2008-06-01 14:50:08 0 d-------- C:\Documents and Settings\Leslie\Application Data\vol_toolbar
2008-05-26 22:52:21 0 d-------- C:\Documents and Settings\Leslie\Application Data\AVG7
2008-05-20 20:49:11 0 d-------- C:\Program Files\Common Files
2008-05-20 20:49:09 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-20 18:40:51 0 d-------- C:\Program Files\DivX
2008-05-13 22:46:15 0 d-------- C:\Program Files\iTunes
2008-05-13 22:46:04 0 d-------- C:\Program Files\iPod
2008-05-13 22:39:45 0 d-------- C:\Program Files\Apple Software Update
2008-04-20 17:52:03 0 d-------- C:\Documents and Settings\Leslie\Application Data\Adobe
2008-04-12 00:15:08 0 d-------- C:\Documents and Settings\Leslie\Application Data\Move Networks
2008-04-11 22:32:20 0 d-------- C:\Program Files\Java


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2CD7191C-B938-465E-8D1F-B81A0F9A178B}]
05/26/2008 22:13 318848 --a------ C:\WINDOWS\system32\mlJCSkih.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0}]
10/11/2007 13:49 159744 --a------ C:\Program Files\webHancer\programs\whiehlpr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22}"= C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL [05/25/2007 09:15 1904128]

[-HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22}]
[HKEY_CLASSES_ROOT\vol_toolbar.VOL_TOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"webHancer Agent"="C:\Program Files\webHancer\Programs\whagent.exe" [05/05/2008 08:52]
"SpyCatcher Reminder"="C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" [06/18/2005 11:19]
"58b10301"="C:\WINDOWS\system32\lekuohcy.dll" [06/02/2008 23:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Windows Installer"="C:\Documents and Settings\Leslie\Application Data\Microsoft\dtsc\21865.exe" [05/26/2008 21:43]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56]

C:\Documents and Settings\Leslie\Start Menu\Programs\Startup\
Scheduler.lnk - C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe [5/26/2008 10:57:26 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak EasyShare software\bin\EasyShare.exe [11/4/2005 3:04:48 PM]
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [6/29/2007 4:38:43 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]
NETGEAR WG111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe [9/8/2006 3:47:36 PM]
Smart Wizard Wireless Settings.lnk - C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe [9/8/2006 3:47:36 PM]
SpyCatcher Protector.lnk - C:\Program Files\SpyCatcher 2006\Protector.exe [5/26/2008 10:57:26 PM]
Uninstall NETGEAR WG111 Smart Wizard.lnk - C:\Program Files\InstallShield Installation Information\{21B9CC18-8AB7-402F-B343-CD2127FC3CFC}\Setup.exe [9/8/2006 3:47:16 PM]
VPN Client.lnk - C:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [9/11/2006 8:42:03 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogoff"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=interceptor.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mlJCSkih

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jot04.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-06-03 00:01:21 ------------





Results from DSS scan extra:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 1021.98 MiB / 564.18 MiB
Pagefile Memory (total/avail): 2464.72 MiB / 2087.68 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.21 MiB

C: is Fixed (NTFS) - 298.08 GiB total, 206.95 GiB free.
D: is CDROM (No Media)
E: is Removable (FAT)

\\.\PHYSICALDRIVE0 - ST3320620A - 298.09 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 298.08 GiB - C:

\\.\PHYSICALDRIVE1 - USB_DRIVE USB Device - 486.34 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 490.75 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AV: AVG 7.5.524 v7.5.524 (Grisoft) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\1157224890\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1157224890\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Common Files\\AOL\\1157224890\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1157224890\\ee\\AOLServiceHost.exe:*:Disabled:AOL Services"
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Disabled:Last.fm"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"C:\\Program Files\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:Torrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Leslie\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DGGY2931
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Leslie
LOGONSERVER=\\DGGY2931
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Sonic\MyDVD;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Leslie\LOCALS~1\Temp
TMP=C:\DOCUME~1\Leslie\LOCALS~1\Temp
USERDOMAIN=DGGY2931
USERNAME=Leslie
USERPROFILE=C:\Documents and Settings\Leslie
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Leslie (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> MsiExec.exe /I{2BE0C605-9BEC-434D-9FAE-931194E72414}
--> MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
--> MsiExec.exe /I{726A362E-EBFD-4C3F-8664-6593C2B08386}
--> MsiExec.exe /I{943CB81D-11B9-401E-8305-752528D00AA1}
--> MsiExec.exe /I{E75F019D-98A0-4B39-B1A8-3A01400D2A18}
--> MsiExec.exe /X{F664EDB9-59DF-452A-A3D7-085ED1B8D374}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55BC7EFA-D832-4EE3-9DEA-49B0C07539D9}\setup.exe" -l0x9 -L0x9anything
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCDC8E79-4600-4C02-9824-CD3BB8971D4E}\Setup.exe" -l0x9 -L0x9anything
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Torrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM Toolbar 5.0 --> "C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
AOL Explorer --> C:\Program Files\Common Files\AOL\1157224890\ee\services\browser\ver1_1_1042\uninst.exe
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BlackBerry Desktop Software 4.3 --> MsiExec.exe /I{D793A12F-E362-48BB-B332-1DA5E936B52D}
BlackBerry Desktop Software 4.3 --> MsiExec.exe /i{D793A12F-E362-48BB-B332-1DA5E936B52D}
BlackBerry Device Software v4.3.0 for the BlackBerry 8130 smartphone --> MsiExec.exe /X{573D8008-5F38-4F5F-820B-1D3151332282}
Broadcom 440x 10/100 Integrated Controller --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
Cisco Systems VPN Client 4.8.01.0300 --> MsiExec.exe /X{D25122BC-A60E-4663-B602-B01718F12044}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant SmartHSFi V92 56K DF PCI Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2702\HXFSETUP.EXE -U -IDel8d8xk.INF
DC++ 0.691 --> "C:\Program Files\DC++\uninstall.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Duplicate Finder --> "C:\Program Files\Duplicate Finder\unins000.exe"
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
HijackThis 1.99.1 --> E:\Hijackthis\HijackThis.exe /uninstall
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPRFO --> MsiExec.exe /I{AADAC983-FDE9-42FA-8FD9-7BB324155593}
HP Deskjet 3900 series --> C:\Program Files\HP\Digital Imaging\{3819891A-030B-4a4e-98ED-B28A649E48AB}\setup\hpzscr01.exe -datfile hpfscr05.dat
HP Imaging Device Functions 5.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential --> MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Solution Center & Imaging Support Tools 5.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
iPod Updater 2004-08-06 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D43E1D3F-CC1F-4E41-80F5-9C1D28187DE9}
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0007_9e2da7\Setup.exe /APR-REMOVE
Last.fm 1.3.1.1 --> "C:\Program Files\Last.fm\unins000.exe"
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Standard for Students and Teachers --> MsiExec.exe /I{913D0409-6000-11D3-8CFE-0050048383C9}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Leslie\Application Data\Move Networks\ie_bin\Uninst.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MyDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}\SETUP.EXE" -l0x9 -L0x9 /SMAINT
NETGEAR WG111 Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21B9CC18-8AB7-402F-B343-CD2127FC3CFC}\SETUP.EXE" -uninst
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
PCDADDIN --> MsiExec.exe /I{65D85050-5610-4A91-A3B1-D5C744291AD4}
PCDHELP --> MsiExec.exe /I{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Roxio Media Manager --> MsiExec.exe /X{303379C9-8610-4CCF-AF37-C4BF8998C591}
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
SpyCatcher Express 2006 --> "C:\Program Files\SpyCatcher 2006\unins000.exe"
The Marketing Game! - student software --> C:\WINDOWS\uninst.exe -f"C:\Program Files\TMG\DeIsL1.isu" -c"C:\Program Files\TMG\_ISREG32.DLL"
Verizon Broadband Toolbar --> C:\Program Files\vol_toolbar\uninstall.exe
Verizon High Speed Internet --> "C:\WINDOWS\DSL\unins000.exe"
Verizon Online Help and Support --> C:\PROGRA~1\Verizon\UNWISE.EXE C:\PROGRA~1\Verizon\INSTALL.LOG
Verizon Servicepoint 1.5.12 --> "C:\Program Files\Verizon\VSP\unins000.exe"
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Viewpoint Toolbar --> C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\Uninstaller.exe /u /k /url "http://www.viewpoint...completed.html"
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
webHancer Customer Companion --> C:\Program Files\webHancer\Programs\whInstaller.exe -uninstall
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type25938 / Error
Event Submitted/Written: 06/02/2008 11:37:13 PM
Event ID/Source: 100 / AVG7
Event Description:
2008-06-03 03:37:13,359 DGGY2931 [000324:000340] ERROR 000 AVG7.WTS.CAvgAmWts ProcessIdToSessionId(2796) call failed with WIN32 error 87, returning session id is 0

Event Record #/Type25874 / Error
Event Submitted/Written: 05/26/2008 10:20:42 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application services.exe, version 5.1.2600.2180, faulting module services.exe, version 5.1.2600.2180, fault address 0x00008e40.
Processing media-specific event for [services.exe!ws!]

Event Record #/Type25862 / Error
Event Submitted/Written: 05/26/2008 09:45:11 PM
Event ID/Source: 100 / AVG7
Event Description:
2008-05-27 01:45:11,296 DGGY2931 [002008:002028] ERROR 000 AVG7.WTS.CAvgAmWts ProcessIdToSessionId(2340) call failed with WIN32 error 87, returning session id is 0

Event Record #/Type25861 / Error
Event Submitted/Written: 05/26/2008 09:44:44 PM
Event ID/Source: 100 / AVG7
Event Description:
2008-05-27 01:44:44,765 DGGY2931 [002008:002028] ERROR 000 AVG7.WTS.CAvgAmWts ProcessIdToSessionId(2624) call failed with WIN32 error 87, returning session id is 0

Event Record #/Type25859 / Error
Event Submitted/Written: 05/26/2008 09:41:39 PM / 05/26/2008 09:41:40 PM
Event ID/Source: 100 / AVG7
Event Description:
2008-05-27 01:41:39,984 DGGY2931 [002008:002028] ERROR 000 AVG7.WTS.CAvgAmWts ProcessIdToSessionId(1384) call failed with WIN32 error 87, returning session id is 0



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type48316 / Error
Event Submitted/Written: 06/02/2008 11:56:50 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code 1000008e, parameter1 c000001d, parameter2 00690064, parameter3 ee0f4cec, parameter4 00000000.

Event Record #/Type48314 / Warning
Event Submitted/Written: 06/02/2008 11:56:30 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type48294 / Error
Event Submitted/Written: 06/02/2008 11:34:35 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Beep

Event Record #/Type48290 / Error
Event Submitted/Written: 06/02/2008 09:36:42 PM
Event ID/Source: 7006 / Service Control Manager
Event Description:
The ScRegSetValueExW call failed for DeleteFlag with the following error:
%%5

Event Record #/Type48289 / Error
Event Submitted/Written: 06/02/2008 09:31:59 PM
Event ID/Source: 7006 / Service Control Manager
Event Description:
The ScRegSetValueExW call failed for Start with the following error:
%%5



-- End of Deckard's System Scanner: finished at 2008-06-03 00:01:21 ------------

#6 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 03 June 2008 - 07:08 AM

Hello

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#7 LWA says

LWA says

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 03 June 2008 - 07:47 PM

I have been unable to use my internet browser to download. It navigates to an aol search page, telling me the webpage is unable to be found. I've been loading everything to my desktop through a thumb drive. When I attempted to drag and drop the windows recovery console to the combofix.exe file on my desktop, nothing happened. When I double click combofix.exe, nothing happens. When I double click on the windows recovery console icon, I am asked to accept a license agreement. After clicking yes, it asks me to specify a floppy drive to copy the images to. Is there are problem because I am loading combofix from a thumb drive? I believe I am following all the instructions correctly.

#8 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 04 June 2008 - 05:53 AM

Make sure you put ComboFix onto the desktop from the USB key If it doesn't work then, try run it in Safe Mode Let me know how that goes

#9 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 08 June 2008 - 05:08 PM

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users