
Help! Virtumonde


  • This topic is locked
22 replies to this topic

#1 UCFKNIGHTJ


Posted 09 June 2008 - 04:10 AM

About a month ago I noticed something had been downloaded to my desktop and was causing popups. At the time my virus protection was outdated. I used a tool called SmitfraudFix to get the desktop back to normal and get rid of the popups. The desktop went back to normal and the popups did stop. However, I have installed AVG, Spybot, and I did a scan with Windows Live Care. Spybot and Windows Live Care detect Virtumonde but are unable to delete it. The only popup I notice now is a box that says "dialog" with a code it wants me to type to verify I'm the owner of the computer, and I also have 3 rundll errors whenever I reboot. I have tried to use VundoFix and it does not detect any signs of the virus. If there is anybody that could help me out with this problem I would greatly appreciate it. Thank you.


 


#2 UCFKNIGHTJ


Posted 09 June 2008 - 04:44 AM

BTW, when I attempt to run DSS I get a Microsoft error before it can finish scanning and it closes. Is this from the VIRTUMONDE? I'm unable to post the log because the tool keeps crashing on me.

#3 UCFKNIGHTJ


Posted 09 June 2008 - 05:32 AM

I found a download for HijackThis on majorgeeks.com. Should I download and run this? I'm not sure what it will do exactly. I'll hold off for now until I get a response. The DSS download crashes on me while it's scanning.

#4 Buckeye_Sam


    Malware Expert



Posted 09 June 2008 - 06:34 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop.

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

#5 UCFKNIGHTJ


Posted 09 June 2008 - 12:48 PM

Thanks for the quick response. Here is the log from ComboFix:
ComboFix 08-06-08.8 - TANYA 2008-06-09 13:46:23.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.197 [GMT -5:00]
Running from: C:\Documents and Settings\TANYA\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\Spyware Doctor 5.5.0.178 patch-tRUE.zip~
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\Starcraft-BroodWar 1.08.zip~
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\sudoku.1.2.0.keygen-tsrh.zip~
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\Super Internet TV 6.6.0.0.zip
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\Super Internet TV 6.6.0.0.zip~
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\swat.4.-.the.stetchkov.syndicate.keygen-tsrh.zip~
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\Tally ees v6.3 Release 1.torrent
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\Tally ees v6.3 Release 1.zip
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\TuneUp Utilities 2003 3.0.1006 by TSRh.zip
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\TuneUp Utilities 2003 3.0.1006 by TSRh.zip~
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\TuneUp.Utilities.2008.v7.0.7986.Patch-tRUE.zip~
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\Ulead VideoStudio 11.0.0157.0 Plus Deutsch - Bidjan.zip~
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\UltraEdit-32 - v8.00.zip
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\UltraEdit-32 - v8.00.zip~
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\Uniblue RegistryBooster v2.0.1061.3222.zip
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\Uniblue RegistryBooster v2.0.1061.3222.zip~
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\virtualdj trial v4.2.0.0 CRACKED BY KML.RaR.zip~
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\Visual.CertExam.Suite.1.9.815 CRK-FFF.zip~
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\Visual.Studio.2005.8.0.50727.42 CRK-FFF.zip~
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\VMware 1.0.1 build 372 by DAMN.zip~
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\Warcraft 2 Battle.net Edition CD-Key 1.zip~
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\WebCamMax.3.2.0.0-Patch_CiM.zip~
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\WinAce v2.65 (Full Working NeMeSiS ByTe).zip~
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\WinAVI Video Converter v5.7 by SND.torrent
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\WinAVI Video Converter v5.7 by SND.zip~
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\Windows FTP Server v1.6.zip
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\Windows FTP Server v1.6.zip~
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\WindowsSweeper XP v1.0 Keygen - UCF.zip
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\WindowsSweeper XP v1.0 Keygen - UCF.zip~
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\WinRAR.v3.71.patch.by.FOFF.zip
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\WinRAR.v3.71.patch.by.FOFF.zip~
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\WinZip 11.2 (8094) Patch By Under SEH Team.zip~
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\WinZip Self-Extractor v2.2 (1110).zip~
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\world of warcraft cheat codes.zip~
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\Xilisoft DVD Audio Ripper v1.0.14.zip~
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\Xilisoft FLV Converter v3.1.14 build 1108b patch by Extreme Team.zip~
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\Xilisoft.3GP.Video.Converter.2.x-KeyGen-CiM.zip
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\Xilisoft.3GP.Video.Converter.2.x-KeyGen-CiM.zip~
C:\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\Xilisoft.3GP.Video.Converter.3.1.52.build-0229b.by.FOFF.zip~
C:\Program Files\asembl~1
C:\Program Files\dbar
C:\Program Files\dbar\basis.xml
C:\Program Files\dbar\channel.tmpl
C:\Program Files\dbar\content.tmpl
C:\Program Files\dbar\dbaruninst.exe
C:\Program Files\dbar\deskbar.crc
C:\Program Files\dbar\deskbar.inf
C:\Program Files\dbar\edit_rss.tmpl
C:\Program Files\dbar\local.xml
C:\Program Files\dbar\nav1.bmp
C:\Program Files\dbar\nav2.bmp
C:\Program Files\dbar\new_alert.tmpl
C:\Program Files\dbar\version.ini
C:\Program Files\dbar\version.txt
C:\Program Files\winvi
C:\Program Files\winvi\dsktp\AC_RunActiveContent.js
C:\Program Files\winvi\dsktp\desktop.html
C:\Program Files\winvi\dsktp\internetDetection.swf
C:\Program Files\winvi\dsktp\settings.sol
C:\Program Files\winvi\icons\bufferthis.ico
C:\Program Files\winvi\icons\flashfunpages.ico
C:\Program Files\winvi\icons\funnies.ico
C:\Program Files\winvi\icons\funnyfunpages.ico
C:\Program Files\winvi\icons\goodcleanvideos.ico
C:\Program Files\winvi\icons\newfunpages.ico
C:\Program Files\winvi\icons\positivethoughts.ico
C:\Program Files\winvi\icons\removespyware.ico
C:\Program Files\winvi\icons\thissiterocks.ico
C:\Program Files\winvi\temp\version.ini
C:\Program Files\winvi\Uninst.exe
C:\Program Files\winvi\version.ini
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\Temp\vtmp2
C:\WINDOWS\BM1ba6df45.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\system32\aaedkluc.dll
C:\WINDOWS\system32\asgvtojm.dll
C:\WINDOWS\system32\cLnWDJjl.ini
C:\WINDOWS\system32\cLnWDJjl.ini2
C:\WINDOWS\system32\conqkaop.dll
C:\WINDOWS\system32\dypoveil.dll
C:\WINDOWS\system32\esulpcur.dll
C:\WINDOWS\system32\FMmmlnmp.ini
C:\WINDOWS\system32\FMmmlnmp.ini2
C:\WINDOWS\system32\GQssDcdd.ini
C:\WINDOWS\system32\GQssDcdd.ini2
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\hwmalwdp.ini
C:\WINDOWS\system32\hythioxq.ini
C:\WINDOWS\system32\jghhdbrr.ini
C:\WINDOWS\system32\lrpvsucr.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mwgrmwsq.dll
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\qguwfaag.dll
C:\WINDOWS\system32\rcusvprl.ini
C:\WINDOWS\system32\rvwmixfs.ini
C:\WINDOWS\system32\sfximwvr.dll
C:\WINDOWS\system32\shybgvon.dll
C:\WINDOWS\system32\VCKSCfii.ini
C:\WINDOWS\system32\VCKSCfii.ini2
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\wvxlscqp.dll
C:\WINDOWS\system32\ybdLnnmp.ini
C:\WINDOWS\system32\ybdLnnmp.ini2

.
((((((((((((((((((((((((( Files Created from 2008-05-09 to 2008-06-09 )))))))))))))))))))))))))))))))
.

2008-06-09 04:24 . 2008-06-09 04:25 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-09 04:24 . 2008-06-09 04:24 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-09 04:23 . 2007-03-29 07:56 409,600 --------- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-06-09 04:23 . 2007-03-29 07:56 18,944 --------- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-06-09 04:23 . 2007-03-29 07:56 8,192 --------- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-06-09 04:23 . 2007-03-29 07:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-06-09 04:23 . 2007-03-29 07:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-06-09 04:23 . 2007-03-29 07:56 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-06-09 04:23 . 2008-06-09 04:23 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-06-09 00:25 . 2008-06-09 00:25 <DIR> d-------- C:\Deckard
2008-06-08 23:37 . 2008-06-08 23:37 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-08 23:37 . 2008-06-08 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-08 21:32 . 2008-06-08 21:32 <DIR> d-------- C:\VundoFix Backups
2008-06-07 22:47 . 2008-06-07 22:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-07 22:47 . 2008-06-07 22:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-07 22:21 . 2008-06-07 22:21 <DIR> d-------- C:\WINDOWS\system32\vntiho06
2008-06-07 22:20 . 2008-06-08 22:28 <DIR> d-------- C:\Program Files\uTorrent
2008-06-07 03:50 . 2008-06-08 10:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-07 03:50 . 2008-06-07 03:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-06 04:11 . 2008-06-06 04:11 <DIR> d-------- C:\Program Files\Veoh Networks
2008-06-05 15:30 . 2008-06-05 15:30 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-02 15:24 . 2008-06-09 13:37 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-02 15:24 . 2008-06-02 15:24 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-02 15:24 . 2008-06-02 15:24 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-02 15:24 . 2008-06-02 15:24 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-01 15:10 . 2008-06-01 15:10 1,169 --a------ C:\WINDOWS\mozver.dat
2008-05-31 20:34 . 2008-05-31 20:34 <DIR> d-------- C:\Documents and Settings\TANYA\Application Data\acccore
2008-05-31 20:27 . 2008-05-31 20:31 <DIR> d-------- C:\Program Files\AIM6
2008-05-29 22:43 . 2008-05-29 22:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-05-29 22:42 . 2008-06-02 23:27 935 --ah----- C:\IPH.PH
2008-05-22 19:32 . 2008-05-22 19:32 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-22 16:25 . 2008-05-22 16:25 <DIR> d-------- C:\Program Files\AVG
2008-05-22 16:13 . 2008-05-22 16:13 <DIR> d-------- C:\Documents and Settings\TANYA\.housecall6.6
2008-05-21 17:10 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-21 17:10 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-21 17:10 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-21 17:10 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-21 17:10 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-21 17:10 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-21 17:10 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-21 17:10 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-20 15:36 . 2008-05-20 15:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-20 01:46 . 2008-06-08 22:28 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-20 00:43 . 2008-05-20 01:28 <DIR> d-------- C:\Documents and Settings\TANYA\Application Data\AVGTOOLBAR
2008-05-20 00:43 . 2008-06-02 15:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-20 00:32 . 2008-05-21 17:26 3,394 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-19 22:40 . 2008-05-19 23:49 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-19 22:40 . 2008-05-19 23:49 <DIR> d-------- C:\Documents and Settings\TANYA\Application Data\SUPERAntiSpyware.com
2008-05-19 22:40 . 2008-05-19 22:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-19 17:13 . 2008-05-19 17:13 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-05-19 16:36 . 2008-05-19 16:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-05-19 16:33 . 2006-02-08 02:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2008-05-19 16:33 . 2008-05-20 00:44 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-19 16:18 . 2008-05-24 00:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-19 14:52 . 2008-06-09 03:31 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-05-19 13:28 . 2008-05-19 13:28 <DIR> d-------- C:\Program Files\Uniblue
2008-05-19 13:28 . 2008-05-19 13:28 <DIR> d-------- C:\Documents and Settings\TANYA\Application Data\Uniblue
2008-05-19 13:28 . 2008-05-19 13:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-05-18 13:55 . 2008-05-18 13:55 <DIR> d-------- C:\Program Files\AskSBar
2008-05-18 13:53 . 2008-05-18 13:53 164 --a------ C:\install.dat
2008-05-18 11:59 . 2008-05-18 11:59 63,902 --a------ C:\WINDOWS\system32\{b8d20e3d-4442-a530-e8be-216029059995}.dll-uninst.exe
2008-05-18 11:58 . 2008-05-18 11:58 <DIR> d-------- C:\Documents and Settings\TANYA\Application Data\Talkback
2008-05-18 11:57 . 2008-05-19 16:24 <DIR> d--hs---- C:\WINDOWS\VEFOWUE
2008-05-18 11:56 . 2008-05-20 01:51 <DIR> d-------- C:\WINDOWS\system32\polX
2008-05-18 11:56 . 2008-05-20 01:50 <DIR> d-------- C:\WINDOWS\system32\logXv06
2008-05-18 11:56 . 2008-05-19 16:24 <DIR> d-------- C:\WINDOWS\system32\GUI2
2008-05-18 11:56 . 2008-05-19 23:43 <DIR> d-------- C:\WINDOWS\system32\binR
2008-05-18 11:56 . 2008-05-19 16:24 <DIR> d-------- C:\WINDOWS\system32\3036a
2008-05-18 11:56 . 2008-05-18 11:56 <DIR> d-------- C:\Temp\dmpxp32
2008-05-18 11:56 . 2008-06-09 13:47 <DIR> d-------- C:\Temp
2008-05-17 08:40 . 2008-05-17 08:40 <DIR> d-------- C:\Documents and Settings\TANYA\Application Data\Sonic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-07 16:05 6,580 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-06 09:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-01 01:27 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-01 01:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-30 03:43 --------- d-----w C:\Program Files\Viewpoint
2008-05-30 03:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-05-23 00:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-20 20:31 --------- d-----w C:\Program Files\Yahoo!
2008-05-20 03:45 --------- d-----w C:\Program Files\Google
2008-05-19 07:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-05-19 07:19 --------- d-----w C:\Program Files\Sonic
2008-05-03 20:03 --------- d-----w C:\Documents and Settings\TANYA\Application Data\Yahoo!
2008-05-03 06:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-05-01 08:16 --------- d-----w C:\Program Files\Picasa2
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-06-02 15:23 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-05-18 13:55 267592]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-06-02 15:23 2050816]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-05-18 13:55 267592]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-06-02 15:23 2050816]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 03:24 20480]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 12:09 460784]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-25 15:21 50528]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-05-15 16:11 3644464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{d1c99c30-eb58-c20f-0aeb-2c9ee8aadafb}"="C:\WINDOWS\system32\{b8d20e3d-4442-a530-e8be-216029059995}.dll" [ ]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-24 07:36 729178]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48 32881]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 00:19 393216 C:\WINDOWS\stsystra.exe]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-02-08 02:05 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-08 02:05 98304]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 20:05 1117184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 21:49 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 21:50 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 21:46 77824]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19 53248]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-09-01 18:24 684032]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 12:06 106496]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-02 15:23 1177368]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-02-08 02:01:26 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXrOGwv]
cbXrOGwv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-02 15:24]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-02 15:23]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-02 15:23]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-02 15:24]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 12:09]
S1 rmcastt;rmcastt;C:\WINDOWS\system32\drivers\rmcastt.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dff647a8-d140-11dc-9644-00142296ce90}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-06-06 23:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (NIKKI-TANYA).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-06-06 20:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-05-29 22:02:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-05-19 21:41:55 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 13:52:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Documents and Settings\TANYA\Local Settings\Application Data\ApplicationHistory\dsca.exe.cf6b816f.ini.inuse 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-06-09 13:57:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-09 18:56:47

Pre-Run: 27,065,057,280 bytes free
Post-Run: 27,005,186,048 bytes free

616 --- E O F --- 2008-05-17 08:01:52

#6 UCFKNIGHTJ

Posted 09 June 2008 - 04:12 PM

I just did a scan with Spybot; no Virtumonde was found. Then I rescanned with Windows Live Care and 4 different Vundos were found, with several infected files for each. I was trying to copy and paste the results but it would not let me. There were too many to type for each virus; for one of the viruses I think it had at least 10 infected files. Is Windows Live Care a respectable scanner?

#7 UCFKNIGHTJ

Posted 09 June 2008 - 04:28 PM

I finally got DSS to work. I can now provide you with a HijackThis log. Maybe this will give you a little more to work with.

Deckard's System Scanner v20071014.68
Run by TANYA on 2008-06-09 17:30:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
10: 2008-06-09 22:31:02 UTC - RP10 - Deckard's System Scanner Restore Point
9: 2008-06-09 22:01:23 UTC - RP9 - Cleaned registry with Windows Live OneCare safety scanner
8: 2008-06-09 21:47:47 UTC - RP8 - Configured VeohTV BETA
7: 2008-06-09 18:45:58 UTC - RP7 - ComboFix created restore point
6: 2008-06-09 10:34:34 UTC - RP6 - Deckard's System Scanner Restore Point


-- First Restore Point --
1: 2008-06-09 05:27:46 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as TANYA.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:48 PM, on 6/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\TANYA\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\TANYA.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [{d1c99c30-eb58-c20f-0aeb-2c9ee8aadafb}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{b8d20e3d-4442-a530-e8be-216029059995}.dll" DllInit
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jrwnw64k.exe
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: cbXrOGwv - cbXrOGwv.dll (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8793 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>

S1 rmcastt - c:\windows\system32\drivers\rmcastt.sys (file missing)
S1 SASKUTIL - c:\program files\superantispyware\saskutil.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-06 18:30:00 350 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (NIKKI-TANYA).job
2008-06-06 15:00:00 408 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2008-05-29 17:02:00 264 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
2008-05-19 16:41:55 338 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job


-- Files created between 2008-05-09 and 2008-06-09 -----------------------------

2008-06-09 17:32:06 0 d-------- C:\Program Files\Trend Micro
2008-06-09 14:01:19 0 d-------- C:\WINDOWS\LastGood
2008-06-09 13:45:00 68096 --a------ C:\WINDOWS\zip.exe
2008-06-09 13:45:00 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-09 13:45:00 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-09 13:45:00 98816 --a------ C:\WINDOWS\sed.exe
2008-06-09 13:45:00 80412 --a------ C:\WINDOWS\grep.exe
2008-06-09 13:45:00 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-09 13:44:59 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-09 13:44:59 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-09 04:24:41 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-06-09 04:24:24 0 d-------- C:\WINDOWS\system32\bits
2008-06-08 23:37:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-08 23:37:47 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-08 21:32:13 0 d-------- C:\VundoFix Backups
2008-06-08 21:30:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-07 22:47:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-07 22:21:25 0 d-------- C:\WINDOWS\system32\vntiho06
2008-06-07 22:20:35 0 d-------- C:\Program Files\uTorrent
2008-06-06 04:11:36 0 d-------- C:\Program Files\Veoh Networks
2008-06-05 15:30:05 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-02 15:24:00 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-01 15:10:36 1169 --a------ C:\WINDOWS\mozver.dat
2008-05-31 20:34:05 0 d-------- C:\Documents and Settings\TANYA\Application Data\acccore
2008-05-31 20:27:27 0 d-------- C:\Program Files\AIM6
2008-05-29 22:43:39 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-05-22 19:32:00 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-22 16:25:54 0 d-------- C:\Program Files\AVG
2008-05-22 16:13:11 0 d-------- C:\Documents and Settings\TANYA\.housecall6.6
2008-05-21 17:22:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-05-21 17:10:09 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-21 17:10:09 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-21 17:10:09 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-21 17:10:09 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-21 17:10:09 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-21 17:10:09 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-21 17:10:09 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-21 17:10:09 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-21 14:55:57 0 d-------- C:\WINDOWS\pss
2008-05-20 15:36:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-20 15:32:26 0 dr-h----- C:\Documents and Settings\TANYA\Recent
2008-05-20 01:46:42 0 d--h----- C:\$AVG8.VAULT$
2008-05-20 00:43:30 0 d-------- C:\Documents and Settings\TANYA\Application Data\AVGTOOLBAR
2008-05-20 00:43:22 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-20 00:32:58 3394 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-19 22:40:29 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-19 22:40:12 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-19 22:40:12 0 d-------- C:\Documents and Settings\TANYA\Application Data\SUPERAntiSpyware.com
2008-05-19 16:36:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-05-19 16:33:31 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-19 16:33:31 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-05-19 16:33:31 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-19 16:33:31 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-05-19 16:33:31 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-19 16:33:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-05-19 16:33:31 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-19 16:33:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-05-19 16:33:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
2008-05-19 16:33:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2008-05-19 16:33:30 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-19 16:33:30 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-19 16:33:30 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-19 16:33:30 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-05-19 16:33:30 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-19 16:33:30 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-19 16:33:30 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-05-19 16:33:29 2359296 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-19 16:18:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-19 14:52:57 0 d-------- C:\Program Files\Windows Live Safety Center
2008-05-19 13:28:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-05-19 13:28:38 0 d-------- C:\Documents and Settings\TANYA\Application Data\Uniblue
2008-05-19 13:28:06 0 d-------- C:\Program Files\Uniblue
2008-05-18 13:55:18 0 d-------- C:\Program Files\AskSBar
2008-05-18 13:53:34 164 --a------ C:\install.dat
2008-05-18 12:00:00 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-18 11:58:51 0 d-------- C:\Documents and Settings\TANYA\Application Data\Talkback
2008-05-18 11:57:03 0 d--hs---- C:\WINDOWS\VEFOWUE
2008-05-18 11:56:26 0 d-------- C:\WINDOWS\system32\polX
2008-05-18 11:56:26 0 d-------- C:\WINDOWS\system32\GUI2
2008-05-18 11:56:26 0 d-------- C:\WINDOWS\system32\binR
2008-05-18 11:56:26 0 d-------- C:\WINDOWS\system32\3036a
2008-05-18 11:56:02 0 d-------- C:\WINDOWS\system32\logXv06
2008-05-18 11:56:02 0 d-------- C:\Temp
2008-05-17 08:40:46 0 d-------- C:\Documents and Settings\TANYA\Application Data\Sonic


-- Find3M Report ---------------------------------------------------------------

2008-06-07 11:05:22 6580 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-07 11:05:20 56 -r-hs---- C:\WINDOWS\system32\272CC519BE.sys
2008-06-06 04:12:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-01 15:10:44 0 d-------- C:\Documents and Settings\TANYA\Application Data\Adobe
2008-05-31 20:27:39 0 d-------- C:\Program Files\Common Files\AOL
2008-05-29 22:43:53 0 d-------- C:\Program Files\Viewpoint
2008-05-24 00:16:31 0 d-------- C:\Program Files\Common Files
2008-05-20 15:31:48 0 d-------- C:\Program Files\Yahoo!
2008-05-19 22:45:02 0 d-------- C:\Program Files\Google
2008-05-19 02:19:15 0 d-------- C:\Program Files\Sonic
2008-05-03 15:03:54 0 d-------- C:\Documents and Settings\TANYA\Application Data\Yahoo!
2008-05-01 03:16:04 0 d-------- C:\Program Files\Picasa2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
06/02/2008 03:23 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [05/18/2008 01:55 PM 267592]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [06/02/2008 03:23 PM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{d1c99c30-eb58-c20f-0aeb-2c9ee8aadafb}"="C:\WINDOWS\system32\{b8d20e3d-4442-a530-e8be-216029059995}.dll" []
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/24/2005 07:36 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 06:48 PM]
"SigmatelSysTrayApp"="stsystra.exe" [09/10/2005 12:19 AM C:\WINDOWS\stsystra.exe]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [02/08/2006 02:05 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/08/2006 02:05 AM]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [07/12/2005 08:05 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 11:44 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 11:44 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 09:49 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 09:50 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 09:46 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 05:19 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [09/01/2005 06:24 PM]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [08/31/2005 12:06 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/02/2008 03:23 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [09/10/2003 03:24 AM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 12:09 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [03/25/2008 03:21 PM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [05/15/2008 04:11 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXrOGwv]
cbXrOGwv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dff647a8-d140-11dc-9644-00142296ce90}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dff647a9-d140-11dc-9644-00142296ce90}]




-- End of Deckard's System Scanner: finished at 2008-06-09 17:34:07 ------------

#8 Buckeye_Sam

Malware Expert

Posted 09 June 2008 - 07:13 PM

Your scans will continue to pick up on infected files even when they are quarantined. Don't worry about those scans yet until we can determine if the infection is active or quarantined.


Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.

Folder::
C:\VundoFix Backups
C:\WINDOWS\system32\vntiho06
C:\Program Files\AskSBar
C:\WINDOWS\VEFOWUE
C:\WINDOWS\system32\polX
C:\WINDOWS\system32\logXv06
C:\WINDOWS\system32\GUI2
C:\WINDOWS\system32\binR
C:\WINDOWS\system32\3036a
C:\Temp\dmpxp32

Dirlook::
C:\Documents and Settings\TANYA\Application Data\Talkback

Driver::
rmcastt

File::
C:\install.dat
C:\WINDOWS\system32\{b8d20e3d-4442-a530-e8be-216029059995}.dll-uninst.exe
C:\WINDOWS\system32\drivers\rmcastt.sys

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{d1c99c30-eb58-c20f-0aeb-2c9ee8aadafb}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXrOGwv]

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

#9 UCFKNIGHTJ


Posted 09 June 2008 - 08:17 PM

OK, I'm doing that now. I'll get back to you in a half hour.

Edited by UCFKNIGHTJ, 09 June 2008 - 08:21 PM.


#10 UCFKNIGHTJ


Posted 09 June 2008 - 08:38 PM

Followed directions and here is the new ComboFix log:
ComboFix 08-06-08.8 - TANYA 2008-06-09 21:40:00.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.165 [GMT -5:00]
Running from: C:\Documents and Settings\TANYA\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\TANYA\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\install.dat
C:\WINDOWS\system32\{b8d20e3d-4442-a530-e8be-216029059995}.dll-uninst.exe
C:\WINDOWS\system32\drivers\rmcastt.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\TANYA\Start Menu\Programs\Startup\DW_Start.lnk
C:\install.dat
C:\Program Files\AskSBar
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL
C:\Program Files\AskSBar\bar\Cache\000698C8
C:\Program Files\AskSBar\bar\Cache\00077482
C:\Program Files\AskSBar\bar\Cache\0007CFC1.bin
C:\Program Files\AskSBar\bar\Cache\0007DCE0.bin
C:\Program Files\AskSBar\bar\Cache\0007DF32.bin
C:\Program Files\AskSBar\bar\Cache\0007E0F7.bin
C:\Program Files\AskSBar\bar\Cache\0007E50E.bin
C:\Program Files\AskSBar\bar\Cache\0007F2AB.bin
C:\Program Files\AskSBar\bar\Cache\0007F441.bin
C:\Program Files\AskSBar\bar\Cache\0007F606.bin
C:\Program Files\AskSBar\bar\Cache\files.ini
C:\Program Files\AskSBar\bar\History\search2
C:\Program Files\AskSBar\bar\Settings\prevcfg2.htm
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
C:\Temp\dmpxp32
C:\Temp\dmpxp32\sakldsr.log
C:\VundoFix Backups
C:\WINDOWS\system32\{b8d20e3d-4442-a530-e8be-216029059995}.dll-uninst.exe
C:\WINDOWS\system32\3036a
C:\WINDOWS\system32\binR
C:\WINDOWS\system32\GUI2
C:\WINDOWS\system32\logXv06
C:\WINDOWS\system32\polX
C:\WINDOWS\system32\vntiho06
C:\WINDOWS\VEFOWUE

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RMCASTT
-------\Service_rmcastt


((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))
.

2008-06-09 17:32 . 2008-06-09 17:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-09 17:30 . 2008-06-09 17:30 <DIR> d-------- C:\Deckard
2008-06-09 04:24 . 2008-06-09 04:25 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-09 04:24 . 2008-06-09 04:24 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-09 04:23 . 2007-03-29 07:56 409,600 --------- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-06-09 04:23 . 2007-03-29 07:56 18,944 --------- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-06-09 04:23 . 2007-03-29 07:56 8,192 --------- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-06-09 04:23 . 2007-03-29 07:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-06-09 04:23 . 2007-03-29 07:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-06-09 04:23 . 2007-03-29 07:56 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-06-09 04:23 . 2008-06-09 04:24 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-06-07 22:47 . 2008-06-07 22:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-07 22:47 . 2008-06-07 22:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-07 22:20 . 2008-06-08 22:28 <DIR> d-------- C:\Program Files\uTorrent
2008-06-07 03:50 . 2008-06-09 16:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-07 03:50 . 2008-06-07 03:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-05 15:30 . 2008-06-05 15:30 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-02 15:24 . 2008-06-09 20:26 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-02 15:24 . 2008-06-02 15:24 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-02 15:24 . 2008-06-02 15:24 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-02 15:24 . 2008-06-02 15:24 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-01 15:10 . 2008-06-01 15:10 1,169 --a------ C:\WINDOWS\mozver.dat
2008-05-31 20:34 . 2008-05-31 20:34 <DIR> d-------- C:\Documents and Settings\TANYA\Application Data\acccore
2008-05-31 20:27 . 2008-05-31 20:31 <DIR> d-------- C:\Program Files\AIM6
2008-05-29 22:43 . 2008-05-29 22:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-05-29 22:42 . 2008-06-02 23:27 935 --ah----- C:\IPH.PH
2008-05-22 19:32 . 2008-05-22 19:32 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-22 16:25 . 2008-05-22 16:25 <DIR> d-------- C:\Program Files\AVG
2008-05-22 16:13 . 2008-05-22 16:13 <DIR> d-------- C:\Documents and Settings\TANYA\.housecall6.6
2008-05-21 17:10 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-21 17:10 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-21 17:10 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-21 17:10 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-21 17:10 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-21 17:10 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-21 17:10 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-21 17:10 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-20 15:36 . 2008-05-20 15:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-20 01:46 . 2008-06-09 16:36 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-20 00:43 . 2008-05-20 01:28 <DIR> d-------- C:\Documents and Settings\TANYA\Application Data\AVGTOOLBAR
2008-05-20 00:43 . 2008-06-02 15:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-20 00:32 . 2008-05-21 17:26 3,394 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-19 22:40 . 2008-05-19 23:49 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-19 22:40 . 2008-05-19 23:49 <DIR> d-------- C:\Documents and Settings\TANYA\Application Data\SUPERAntiSpyware.com
2008-05-19 22:40 . 2008-05-19 22:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-19 17:13 . 2008-05-19 17:13 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-05-19 16:36 . 2008-05-19 16:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-05-19 16:33 . 2006-02-08 02:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2008-05-19 16:33 . 2008-05-20 00:44 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-19 16:18 . 2008-05-24 00:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-19 14:52 . 2008-06-09 17:50 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-05-19 13:28 . 2008-05-19 13:28 <DIR> d-------- C:\Program Files\Uniblue
2008-05-19 13:28 . 2008-05-19 13:28 <DIR> d-------- C:\Documents and Settings\TANYA\Application Data\Uniblue
2008-05-19 13:28 . 2008-05-19 13:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-05-18 11:58 . 2008-05-18 11:58 <DIR> d-------- C:\Documents and Settings\TANYA\Application Data\Talkback
2008-05-18 11:56 . 2008-06-09 21:40 <DIR> d-------- C:\Temp
2008-05-17 08:40 . 2008-05-17 08:40 <DIR> d-------- C:\Documents and Settings\TANYA\Application Data\Sonic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 22:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-09 19:08 4,313,367 ----a-w C:\WINDOWS\java\Packages\X3RDNFRP.ZIP
2008-06-07 16:05 6,580 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-01 01:27 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-01 01:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-30 03:43 --------- d-----w C:\Program Files\Viewpoint
2008-05-30 03:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-05-23 00:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-20 20:31 --------- d-----w C:\Program Files\Yahoo!
2008-05-20 03:45 --------- d-----w C:\Program Files\Google
2008-05-19 07:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-05-19 07:19 --------- d-----w C:\Program Files\Sonic
2008-05-03 20:03 --------- d-----w C:\Documents and Settings\TANYA\Application Data\Yahoo!
2008-05-03 06:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-05-01 08:16 --------- d-----w C:\Program Files\Picasa2
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Documents and Settings\TANYA\Application Data\Talkback ----

2008-06-09 21:37 370 --a------ C:\Documents and Settings\TANYA\Application Data\Talkback\MozillaOrg\Firefox2\Win32\2008040413\permdata.box
2008-06-02 21:27 482 --a------ C:\Documents and Settings\TANYA\Application Data\Talkback\MozillaOrg\Firefox2\Win32\2008040413\Talkback.ini
2008-05-19 21:41 20 --a------ C:\Documents and Settings\TANYA\Application Data\Talkback\MozillaOrg\Firefox2\Win32\2008040413\info.db
2008-05-19 20:30 3323 --a------ C:\Documents and Settings\TANYA\Application Data\Talkback\MozillaOrg\Firefox2\Win32\2008040413\manifest.ini
2008-05-18 14:36 370 --a------ C:\Documents and Settings\TANYA\Application Data\Talkback\MozillaOrg\Firefox2\Win32\2007091417\permdata.box
2008-05-18 11:58 3323 --a------ C:\Documents and Settings\TANYA\Application Data\Talkback\MozillaOrg\Firefox2\Win32\2007091417\manifest.ini


((((((((((((((((((((((((((((( snapshot@2008-06-09_13.56.16.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-09 19:19:17 26,624 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\9e95e232003172469892b310804cebec\Accessibility.ni.dll
+ 2008-06-09 19:19:32 860,160 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\626758fd3ab1ef4cbdbd432b6192dd9b\AspNetMMCExt.ni.dll
+ 2008-06-09 19:20:24 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\75a30d1c4830c44e984eb103b7779152\CustomMarshalers.ni.dll
+ 2008-06-09 19:20:04 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\ea6af92111d5ef46a480c548c11ec744\dfsvc.ni.exe
+ 2008-06-09 19:21:38 880,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\29985dee9a0d9644960e47a712270f00\Microsoft.Build.Engine.ni.dll
+ 2008-06-09 19:21:42 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\6ade949511f44246b5401dd312b2a139\Microsoft.Build.Framework.ni.dll
+ 2008-06-09 19:22:22 1,691,648 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\86c9a4b21adc6b47ade7d181be7caf29\Microsoft.Build.Tasks.ni.dll
+ 2008-06-09 19:22:23 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\84a0db08e977e64f80dd3633c8547be2\Microsoft.Build.Utilities.ni.dll
+ 2008-06-09 19:22:56 1,724,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\430537dc9e8d0844bd43104e4de13b84\Microsoft.VisualBasic.ni.dll
+ 2008-06-09 19:24:50 962,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\8385ff61e2fca3408a8635bb75617419\System.Configuration.ni.dll
+ 2008-06-09 19:24:55 1,716,224 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\a887aefcb6002144a64ea7f51db5e7b3\System.Deployment.ni.dll
+ 2008-06-09 19:25:00 1,220,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1d458e66724e674abf98da3635079e08\System.DirectoryServices.ni.dll
+ 2008-06-09 19:25:03 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a61421061be79745948a8de171773335\System.DirectoryServices.Protocols.ni.dll
+ 2008-06-09 19:25:08 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\417c48a007131e4e8f8f718086b3a2bc\System.EnterpriseServices.ni.dll
+ 2008-06-09 19:25:08 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\417c48a007131e4e8f8f718086b3a2bc\System.EnterpriseServices.Wrapper.dll
+ 2008-06-09 19:25:12 729,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\a3849f661b49d54db5f7c228e9f44ec3\System.Security.ni.dll
+ 2008-06-09 19:25:16 684,032 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\1487f78249f6f84f93cdb73ee7ef823a\System.Transactions.ni.dll
+ 2008-06-09 19:31:49 2,310,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\8adcb9ff79701442896097f0302dd072\System.Web.Mobile.ni.dll
+ 2008-06-09 19:31:50 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\54089202d82ac74bbce22144ba2aee27\System.Web.RegularExpressions.ni.dll
+ 2008-06-09 19:32:03 1,945,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\d9dd6ac97f2f4c4f8a7bb4043f24c1ed\System.Web.Services.ni.dll
+ 2008-06-09 19:31:02 11,808,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\10fc33bbebd66b45ae0ea966d99f4c0a\System.Web.ni.dll
- 2008-06-09 18:51:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-10 02:43:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-02-26 11:59:50 294,912 ------w C:\WINDOWS\system32\dllcache\msctf.dll
- 2004-08-04 11:00:00 294,400 ----a-w C:\WINDOWS\system32\MSCTF.dll
+ 2008-02-26 11:59:50 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
- 2005-10-12 23:12:25 14,048 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-03-06 01:22:36 14,048 ------w C:\WINDOWS\system32\spmsg.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-06-02 15:23 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-06-02 15:23 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-06-02 15:23 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 03:24 20480]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 12:09 460784]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-25 15:21 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-24 07:36 729178]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48 32881]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 00:19 393216 C:\WINDOWS\stsystra.exe]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-02-08 02:05 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-08 02:05 98304]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 20:05 1117184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 21:49 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 21:50 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 21:46 77824]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19 53248]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-09-01 18:24 684032]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 12:06 106496]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-02 15:23 1177368]

C:\Documents and Settings\TANYA\Start Menu\Programs\Startup\
VZAccess Manager.lnk - C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2007-11-05 22:01:36 1685040]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-02-08 02:01:26 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-02 15:24]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-02 15:23]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-02 15:23]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-02 15:24]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 12:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dff647a8-d140-11dc-9644-00142296ce90}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-06-06 23:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (NIKKI-TANYA).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-06-06 20:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-05-29 22:02:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-05-19 21:41:55 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 21:43:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-06-09 21:48:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-10 02:47:54
ComboFix2.txt 2008-06-09 18:57:05

Pre-Run: 27,000,844,288 bytes free
Post-Run: 26,989,981,696 bytes free

283 --- E O F --- 2008-06-10 00:07:37

#11 Buckeye_Sam

Posted 10 June 2008 - 09:19 AM

You are running an older version of Java. This can be a security risk so let's get you the latest version.
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

==================



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Also post a new log from DSS.
How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#12 UCFKNIGHTJ

Posted 10 June 2008 - 01:15 PM

Still running a little slow, very slow start up. I'm assuming this is from the remaining trojan. Here is the Kaspersky log; I'll post another HijackThis log in another reply.
Tuesday, June 10, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, June 10, 2008 15:24:20
Records in database: 845734
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Files scanned 47884
Threat name 1
Infected objects 1
Suspicious objects 0
Duration of the scan 01:16:05

File name Threat name Threats count
C:\QooBox\Quarantine\C\Documents and Settings\TANYA\Application Data\Microsoft\dtsc\13808.exe.vir Infected: Trojan-Downloader.Win32.Agent.shg 1

#13 UCFKNIGHTJ

Posted 10 June 2008 - 01:23 PM

Here is the new log:
-- Find3M Report ---------------------------------------------------------------

2008-06-10 12:06:03 0 d-------- C:\Program Files\Java
2008-06-10 12:00:55 0 d-------- C:\Program Files\Common Files
2008-06-09 17:49:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-07 11:05:22 6580 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-07 11:05:20 56 -r-hs---- C:\WINDOWS\system32\272CC519BE.sys
2008-06-01 15:10:44 0 d-------- C:\Documents and Settings\TANYA\Application Data\Adobe
2008-05-31 20:27:39 0 d-------- C:\Program Files\Common Files\AOL
2008-05-29 22:43:53 0 d-------- C:\Program Files\Viewpoint
2008-05-20 15:31:48 0 d-------- C:\Program Files\Yahoo!
2008-05-19 22:45:02 0 d-------- C:\Program Files\Google
2008-05-19 02:19:15 0 d-------- C:\Program Files\Sonic
2008-05-03 15:03:54 0 d-------- C:\Documents and Settings\TANYA\Application Data\Yahoo!
2008-05-01 03:16:04 0 d-------- C:\Program Files\Picasa2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
06/02/2008 03:23 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [06/02/2008 03:23 PM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/24/2005 07:36 AM]
"SigmatelSysTrayApp"="stsystra.exe" [09/10/2005 12:19 AM C:\WINDOWS\stsystra.exe]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [02/08/2006 02:05 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/08/2006 02:05 AM]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [07/12/2005 08:05 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 11:44 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 11:44 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 09:49 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 09:50 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 09:46 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 05:19 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [09/01/2005 06:24 PM]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [08/31/2005 12:06 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/02/2008 03:23 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [09/10/2003 03:24 AM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 12:09 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [03/25/2008 03:21 PM]

C:\Documents and Settings\TANYA\Start Menu\Programs\Startup\
VZAccess Manager.lnk - C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [11/5/2007 10:01:36 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2/8/2006 2:01:26 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dff647a8-d140-11dc-9644-00142296ce90}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dff647a9-d140-11dc-9644-00142296ce90}]




-- End of Deckard's System Scanner: finished at 2008-06-10 14:34:37 ------------

#14 Buckeye_Sam

Posted 10 June 2008 - 08:09 PM

Looks like only the second half of the log posted. Can you repost the entire log?

========================================================

#15 UCFKNIGHTJ

Posted 10 June 2008 - 09:33 PM

This should be the full log
Deckard's System Scanner v20071014.68
Run by TANYA on 2008-06-10 22:29:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as TANYA.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:17 PM, on 6/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Documents and Settings\TANYA\Desktop\dss.exe
C:\DOCUME~1\TANYA\Desktop\TANYA.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7934 bytes

-- Files created between 2008-05-10 and 2008-06-10 -----------------------------

2008-06-10 12:06:20 0 d-------- C:\Program Files\Sun
2008-06-10 12:00:55 0 d-------- C:\Program Files\Common Files\Java
2008-06-09 17:32:06 0 d-------- C:\Program Files\Trend Micro
2008-06-09 13:45:00 68096 --a------ C:\WINDOWS\zip.exe
2008-06-09 13:45:00 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-09 13:45:00 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-09 13:45:00 98816 --a------ C:\WINDOWS\sed.exe
2008-06-09 13:45:00 80412 --a------ C:\WINDOWS\grep.exe
2008-06-09 13:45:00 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-09 13:44:59 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-09 13:44:59 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-09 04:24:41 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-06-09 04:24:24 0 d-------- C:\WINDOWS\system32\bits
2008-06-08 21:30:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-07 22:47:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-07 22:20:35 0 d-------- C:\Program Files\uTorrent
2008-06-05 15:30:05 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-02 15:24:00 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-01 15:10:36 1169 --a------ C:\WINDOWS\mozver.dat
2008-05-31 20:34:05 0 d-------- C:\Documents and Settings\TANYA\Application Data\acccore
2008-05-31 20:27:27 0 d-------- C:\Program Files\AIM6
2008-05-29 22:43:39 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-05-22 19:32:00 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-22 16:25:54 0 d-------- C:\Program Files\AVG
2008-05-22 16:13:11 0 d-------- C:\Documents and Settings\TANYA\.housecall6.6
2008-05-21 17:22:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-05-21 17:10:09 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-21 17:10:09 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-21 17:10:09 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-21 17:10:09 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-21 17:10:09 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-21 17:10:09 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-21 17:10:09 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-21 17:10:09 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-21 14:55:57 0 d-------- C:\WINDOWS\pss
2008-05-20 15:36:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-20 15:32:26 0 dr-h----- C:\Documents and Settings\TANYA\Recent
2008-05-20 01:46:42 0 d--h----- C:\$AVG8.VAULT$
2008-05-20 00:43:30 0 d-------- C:\Documents and Settings\TANYA\Application Data\AVGTOOLBAR
2008-05-20 00:43:22 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-20 00:32:58 3394 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-19 22:40:29 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-19 22:40:12 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-19 22:40:12 0 d-------- C:\Documents and Settings\TANYA\Application Data\SUPERAntiSpyware.com
2008-05-19 16:36:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-05-19 16:33:31 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-19 16:33:31 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-05-19 16:33:31 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-19 16:33:31 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-05-19 16:33:31 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-19 16:33:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-05-19 16:33:31 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-19 16:33:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-05-19 16:33:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
2008-05-19 16:33:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2008-05-19 16:33:30 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-19 16:33:30 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-19 16:33:30 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-19 16:33:30 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-05-19 16:33:30 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-19 16:33:30 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-19 16:33:30 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-05-19 16:33:29 2359296 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-19 16:18:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-19 14:52:57 0 d-------- C:\Program Files\Windows Live Safety Center
2008-05-19 13:28:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-05-19 13:28:38 0 d-------- C:\Documents and Settings\TANYA\Application Data\Uniblue
2008-05-19 13:28:06 0 d-------- C:\Program Files\Uniblue
2008-05-18 12:00:00 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-18 11:58:51 0 d-------- C:\Documents and Settings\TANYA\Application Data\Talkback
2008-05-18 11:56:02 0 d-------- C:\Temp
2008-05-17 08:40:46 0 d-------- C:\Documents and Settings\TANYA\Application Data\Sonic


-- Find3M Report ---------------------------------------------------------------

2008-06-10 12:06:03 0 d-------- C:\Program Files\Java
2008-06-10 12:00:55 0 d-------- C:\Program Files\Common Files
2008-06-09 17:49:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-07 11:05:22 6580 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-07 11:05:20 56 -r-hs---- C:\WINDOWS\system32\272CC519BE.sys
2008-06-01 15:10:44 0 d-------- C:\Documents and Settings\TANYA\Application Data\Adobe
2008-05-31 20:27:39 0 d-------- C:\Program Files\Common Files\AOL
2008-05-29 22:43:53 0 d-------- C:\Program Files\Viewpoint
2008-05-20 15:31:48 0 d-------- C:\Program Files\Yahoo!
2008-05-19 22:45:02 0 d-------- C:\Program Files\Google
2008-05-19 02:19:15 0 d-------- C:\Program Files\Sonic
2008-05-03 15:03:54 0 d-------- C:\Documents and Settings\TANYA\Application Data\Yahoo!
2008-05-01 03:16:04 0 d-------- C:\Program Files\Picasa2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
06/02/2008 03:23 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [06/02/2008 03:23 PM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/24/2005 07:36 AM]
"SigmatelSysTrayApp"="stsystra.exe" [09/10/2005 12:19 AM C:\WINDOWS\stsystra.exe]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [02/08/2006 02:05 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/08/2006 02:05 AM]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [07/12/2005 08:05 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 11:44 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 11:44 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 09:49 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 09:50 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 09:46 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 05:19 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [09/01/2005 06:24 PM]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [08/31/2005 12:06 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/02/2008 03:23 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [09/10/2003 03:24 AM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 12:09 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [03/25/2008 03:21 PM]

C:\Documents and Settings\TANYA\Start Menu\Programs\Startup\
VZAccess Manager.lnk - C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [11/5/2007 10:01:36 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2/8/2006 2:01:26 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dff647a8-d140-11dc-9644-00142296ce90}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dff647a9-d140-11dc-9644-00142296ce90}]




-- End of Deckard's System Scanner: finished at 2008-06-10 22:30:47 ------------



