Frank K

it's there. Perhaps Secuity Checker searches in "C:\Windows\system32\" instead of "%SYSTEMROOT%\system32\" because my system is installed on D: instead of C:

I'll switch to Avira and update the rest. I do not think that I deleted nslookup.exe

I don't even use firefox, I keep it for rare occasions. I once wrote a simple RPG in C++, and then later reused it as a "trojan" that replaced my friend's host file and blocked his favorite websites... Results of screen317's Security Check version 0.99.4 Windows XP Service Pack 3 Internet Explorer 6 Out of date! `````````````````````````````` Antivirus/Firewall Check: AVG Free 9.0 Antivirus out of date! (On Access scanning disabled!) ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware HijackThis 2.0.2 Java 6 Update 17 Java 6 Update 5 Out of date Java installed! Adobe Flash Player 10.0.32.18 Mozilla Firefox (3.5.11) Firefox Out of Date! Mozilla Thunderbird (2.0.0) Thunderbird Out of Date! ```````````````````````````````` Process Check: objlist.exe by Laurent AVG avgwdsvc.exe AVG avgtray.exe AVG avgnsx.exe ```````````````````````````````` DNS Vulnerability Check: nslookup.exe missing! Unknown. This method cannot test your vulnerability to DNS cache poisoning. ``````````End of Log```````````` looking at AVG, I think that the virus deleted my virus definitions entirely? because under "Virus DB:" it's blank.

https://www.virustotal.com/analisis/4f0fae3...ad95-1280601189

if I remember correctly, dalak.bat is a batch file that essentially causes an infinite loop of opening itself (or maybe I made sure that it was a finite loop, I can't remember). I made it as an example for a friend, who made it "better" and sent it back to me. I haven't seen that file in years, hah good memories. The rar was an old keygen, I've already deleted it. Since you're probably wondering, I no longer use them (and when I used to, I would run them in a networkless locked-down VM)

-------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Saturday, July 31, 2010 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Friday, July 30, 2010 22:02:59 Records in database: 4191399 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: C:\ D:\ E:\ F:\ G:\ Scan statistics: Objects scanned: 419859 Threats found: 17 Infected objects found: 36 Suspicious objects found: 0 Scan duration: 06:31:11 File name / Threat / Threats count D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\2\28c08482-28323482 Infected: Exploit.OSX.Smid.c 1 D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\2\42aa7c82-2306041b Infected: Trojan-Downloader.Java.OpenConnection.at 1 D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\2\42aa7c82-2306041b Infected: Exploit.Java.Agent.f 1 D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\28\7bfbd51c-1c3da304 Infected: Trojan-Downloader.Java.OpenConnection.at 1 D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\28\7bfbd51c-1c3da304 Infected: Exploit.Java.Agent.f 1 D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\29\3c3bc5d-33c7bb55 Infected: Trojan-Downloader.Java.Agent.ea 1 D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\32\2969eda0-37da4439 Infected: Exploit.Java.Agent.a 1 D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\32\2969eda0-37da4439 Infected: Exploit.Java.Agent.f 1 D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\38\67df4166-76c1a510 Infected: Trojan-Downloader.Java.OpenConnection.at 1 D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\38\67df4166-76c1a510 Infected: Exploit.Java.Agent.f 1 D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\49\6b800f31-5cc9692a Infected: Trojan-Downloader.Java.OpenConnection.at 1 D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\49\6b800f31-5cc9692a Infected: Exploit.Java.Agent.f 1 D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\56\45a35b8-6fd94ddf Infected: Trojan-Downloader.Java.Agent.bj 3 D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\58\22f687a-1bdc6396 Infected: Exploit.Java.Agent.f 1 D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\58\22f687a-1bdc6396 Infected: Trojan-Downloader.Java.OpenStream.ad 1 D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\60\59af077c-46a7ae25 Infected: Trojan-Downloader.Java.OpenConnection.at 1 D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\60\59af077c-46a7ae25 Infected: Exploit.Java.Agent.f 1 D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\8\6752cf48-69b83289 Infected: Exploit.Java.Agent.f 1 D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\8\6752cf48-69b83289 Infected: Trojan-Downloader.Java.Agent.fi 2 D:\Documents and Settings\Doog\My Documents\AIM Downloads\old\Dalak.bat Infected: Trojan.BAT.Flood.c 1 D:\Documents and Settings\Doog\My Documents\Downloads\281546_12.rar Infected: HackTool.Win32.Kiser.fm 1 D:\Documents and Settings\Doog\My Documents\Downloads\mirc634.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1 D:\Documents and Settings\Doog\My Documents\Downloads\mirc635.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1 D:\Documents and Settings\Doog\My Documents\Downloads\tightvnc-1.3.10-setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 1 D:\Documents and Settings\Doog\Taskbar Menu\games\mmassacre\Muslim Massacre.exe Infected: Hoax.Win32.BadJoke.Formatter.gf 1 D:\Program Files\mIRC\backups\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1 D:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1 D:\Program Files\mIRC\mirc.exe.BAK Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1 D:\Program Files\mIRC\mirc.old.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1 D:\Program Files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\plug.xul Infected: Trojan-Spy.JS.Agent.a 1 D:\System Volume Information\_restore{E95A30C2-AB03-4C3E-951D-204D4B1049E8}\RP458\A0045684.exe Infected: P2P-Worm.Win32.Agent.afl 1 D:\System Volume Information\_restore{E95A30C2-AB03-4C3E-951D-204D4B1049E8}\RP458\A0045685.sys Infected: Rootkit.Win32.TDSS.ap 1 D:\System Volume Information\_restore{E95A30C2-AB03-4C3E-951D-204D4B1049E8}\RP458\A0049021.exe Infected: Trojan-GameThief.Win32.Tibia.gre 1 Selected area has been scanned. does it always consider IRC clients to be malicious?

on the surface, it's fine. My performance does not seem to be affected (I've been playing Civ3 with no noticeable lag, which I would get if my computer had any less processing power than it does) and netstat doesn't show any malicious internet connections happening. I don't think that there are any processes running that don't normally start up, but I'm not 100% positive. I typically close everything that I isn't necessary whenever I boot up, and I haven't been doing that to ensure that the scans can catch malicious ones. I'm downloading kaspersky right now, will post the AV log when it's done

I tried running both DDS.scr and DDS.com in normal mode, a cmd window would open and close. I tried running it with "Close on exit" unchecked, which revealed just a blank terminal window so some part of it just isn't initializing. for what it's worth, I have a new DDS.txt from safemode: DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL Run by Doog at 17:46:04.92 on Fri 07/30/2010 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.750 [GMT -4:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== D:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe D:\WINDOWS\system32\svchost.exe -k netsvcs D:\Program Files\AVG\AVG9\avgchsvx.exe D:\WINDOWS\system32\userinit.exe D:\WINDOWS\Explorer.EXE D:\Program Files\TortoiseSVN\bin\TSVNCache.exe D:\Documents and Settings\Doog\Desktop\dds.com ============== Pseudo HJT Report =============== uInternet Settings,ProxyOverride = *.local BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\program files\avg\avg9\avgssie.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [d:\program files\netmeter\netmeter.exe] d:\program files\netmeter\NetMeter.exe uRun: [Google Update] "d:\documents and settings\doog\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [Aim] "d:\program files\aim\aim.exe" /d locale=en-US uRun: [skype] "d:\program files\skype\phone\Skype.exe" /nosplash /minimized mRun: [soundMAXPnP] d:\program files\analog devices\core\smax4pnp.exe mRun: [TdspMa] d:\program files\irxon\total wireless\panel\TdspMa.exe mRun: [safeSex_To Do List] "d:\program files\safesex\safesex.exe" /PROFILE=To Do List mRun: [safeSex_ss notes] "d:\program files\safesex\safesex.exe" /PROFILE=ss notes mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup mRun: [amd_dc_opt] d:\program files\amd\dual-core optimizer\amd_dc_opt.exe mRun: [safeSex_iPod] "d:\program files\safesex\safesex.exe" /PROFILE=iPod mRun: [AVG9_TRAY] d:\progra~1\avg\avg9\avgtray.exe mRun: [KPDrv4XP] d:\progra~1\microi~1\intern~1\KPDrv4XP.EXE mRun: [safeSex_beep] "d:\program files\safesex\safesex.exe" /PROFILE=beep mRun: [iSUSPM Startup] d:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup mRun: [iSUSScheduler] "d:\program files\common files\installshield\updateservice\issch.exe" -start uPolicies-explorer: NoSMHelp = 01000000 uPolicies-explorer: NoLogoff = 01000000 IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office12\REFIEBAR.DLL Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\program files\avg\avg9\avgpp.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: avgrsstarter - avgrsstx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - d:\docume~1\doog\applic~1\mozilla\firefox\profiles\19lnv8qr.default\ FF - plugin: d:\documents and settings\doog\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: d:\program files\byond\bin\npbyond.dll FF - plugin: d:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: d:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: d:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: d:\program files\mozilla firefox\plugins\npdnupdater2.dll FF - plugin: d:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - HiddenExtension: Adobe Flash Plugin: No Registry Reference - d:\program files\mozilla firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D} FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsed:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R3 MFCARD;IRXON WLAN and BlueTooth Card;d:\windows\system32\drivers\tdspbus.sys [2009-6-25 2883968] S1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys --> d:\windows\system32\drivers\avgldx86.sys [?] S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;d:\windows\system32\drivers\avgmfx86.sys [2009-6-25 29584] S1 AvgTdiX;AVG Free8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys [2009-6-25 243024] S2 DirMngr;DirMngr;d:\program files\gnu\gnupg\dirmngr.exe [2009-9-28 242176] S2 gupdate;Google Update Service (gupdate);d:\program files\google\update\GoogleUpdate.exe [2009-6-29 133104] S2 HIDKbFlt;HIDKbFlt.SvcDesc%;d:\windows\system32\drivers\HIDKbFlt.sys [2005-7-25 23680] S2 Viewpoint Manager Service;Viewpoint Manager Service;d:\program files\viewpoint\common\ViewpointService.exe [2009-6-25 24652] S3 BTCARD;IRXON Bluetooth Card v2.0;d:\windows\system32\drivers\btcard.sys [2009-6-25 197376] S3 CEUSBAUD;DigiTech USB MIDI Driver;d:\windows\system32\drivers\ceusbaud.sys [2009-8-3 17920] S3 Kinetic Books License Service;Kinetic Books License Service;d:\program files\common files\kinetic books shared\service\KineticBooksLicenseService.exe [2009-8-24 79360] S3 SMC2862W;SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter Driver;d:\windows\system32\drivers\2862wicb.sys --> d:\windows\system32\drivers\2862WICB.sys [?] S3 WLAN3DSPXP;IRXON WLAN Card;d:\windows\system32\drivers\wltbus50.sys [2009-6-25 161792] S4 avg9wd;AVG Free WatchDog;d:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136] =============== Created Last 30 ================ 2010-07-29 18:53:09 0 d-----w- d:\program files\Trend Micro 2010-07-29 17:15:27 21 ----a-w- d:\windows\S.dirmngr 2010-07-29 03:17:12 0 d-sha-r- D:\cmdcons 2010-07-29 03:11:18 98816 ----a-w- d:\windows\sed.exe 2010-07-29 03:11:18 77312 ----a-w- d:\windows\MBR.exe 2010-07-29 03:11:18 256512 ----a-w- d:\windows\PEV.exe 2010-07-29 03:11:18 161792 ----a-w- d:\windows\SWREG.exe 2010-07-28 02:33:53 0 ----a-w- d:\documents and settings\doog\defogger_reenable 2010-07-27 23:32:04 0 d-----w- d:\docume~1\doog\applic~1\Malwarebytes 2010-07-27 23:31:49 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys 2010-07-27 23:31:47 20952 ----a-w- d:\windows\system32\drivers\mbam.sys 2010-07-27 23:31:47 0 d-----w- d:\program files\Malwarebytes' Anti-Malware 2010-07-27 23:31:47 0 d-----w- d:\docume~1\alluse~1\applic~1\Malwarebytes 2010-07-22 05:42:32 99988 ----a-w- d:\documents and settings\doog\.recently-used.xbel 2010-07-22 03:32:33 0 d-----w- d:\windows\system32\Adobe 2010-07-16 12:36:40 12536 ----a-w- d:\windows\system32\avgrsstx.dll 2010-07-10 18:11:53 5840 ----a-w- d:\documents and settings\doog\clearos-enterprise-5.1-service-pack-1.iso.dfast1 2010-07-10 18:11:50 73000 ----a-w- d:\documents and settings\doog\clearos-enterprise-5.1-service-pack-1.iso.dfast0 2010-07-08 19:38:28 414 ----a-w- d:\windows\system32\lame_acm.xml 2010-07-08 19:38:28 38 ----a-w- d:\windows\avisplitter.ini 2010-07-08 19:38:28 165376 ----a-w- d:\windows\system32\unrar.dll 2010-07-08 19:38:27 839680 ----a-w- d:\windows\system32\lameACM.acm 2010-07-08 19:38:27 790528 ----a-w- d:\windows\system32\xvidcore.dll 2010-07-08 19:38:27 217088 ----a-w- d:\windows\system32\yv12vfw.dll 2010-07-08 19:38:27 151552 ----a-w- d:\windows\system32\ac3acm.acm 2010-07-08 19:38:27 134144 ----a-w- d:\windows\system32\xvidvfw.dll 2010-07-08 19:38:26 547 ----a-w- d:\windows\system32\ff_vfw.dll.manifest 2010-07-08 19:38:26 108032 ----a-w- d:\windows\system32\ff_vfw.dll 2010-07-08 19:38:24 0 d-----w- d:\program files\K-Lite Codec Pack 2010-07-07 19:54:39 73728 ----a-w- d:\windows\system32\ISUSPM.cpl 2010-07-07 19:43:15 271360 ----a-w- d:\windows\system32\drivers\atksgt.sys 2010-07-07 19:43:14 18048 ----a-w- d:\windows\system32\drivers\lirsgt.sys 2010-07-07 19:09:39 0 d-----w- d:\program files\Gothic III ==================== Find3M ==================== 2010-07-16 12:36:42 243024 ----a-w- d:\windows\system32\drivers\avgtdix.sys 2010-06-12 05:11:49 47360 ----a-w- d:\windows\system32\drivers\pcouffin.sys 2010-06-12 05:11:49 47360 ----a-w- d:\docume~1\doog\applic~1\pcouffin.sys 2010-05-22 05:41:08 4096 ----a-w- d:\windows\d3dx.dat 2010-05-19 20:24:45 444952 ----a-w- d:\windows\system32\wrap_oal.dll 2010-05-19 20:24:44 109080 ----a-w- d:\windows\system32\OpenAL32.dll 2010-05-02 20:35:58 56532 ---ha-w- d:\windows\system32\mlfcache.dat ============= FINISH: 17:46:41.01 ===============

ComboFix 10-07-30.01 - Doog 07/30/2010 17:17:06.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.659 [GMT -4:00] Running from: d:\documents and settings\Doog\Desktop\ComboFix.exe Command switches used :: d:\documents and settings\Doog\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FILE :: "d:\windows\system32\stjxvn.dll" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\reg.reg d:\windows\system32\stjxvn.dll . ((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-30 ))))))))))))))))))))))))))))))) . 2010-07-29 18:53 . 2010-07-29 18:53 -------- d-----w- d:\program files\Trend Micro 2010-07-27 23:32 . 2010-07-27 23:32 -------- d-----w- d:\documents and settings\Doog\Application Data\Malwarebytes 2010-07-27 23:31 . 2010-04-29 19:39 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys 2010-07-27 23:31 . 2010-07-27 23:31 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware 2010-07-27 23:31 . 2010-07-27 23:31 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes 2010-07-27 23:31 . 2010-04-29 19:39 20952 ----a-w- d:\windows\system32\drivers\mbam.sys 2010-07-22 03:32 . 2010-07-22 03:49 -------- d-----w- d:\windows\system32\Adobe 2010-07-16 12:36 . 2010-07-16 12:36 12536 ----a-w- d:\windows\system32\avgrsstx.dll 2010-07-08 19:38 . 2010-03-15 09:31 165376 ----a-w- d:\windows\system32\unrar.dll 2010-07-08 19:38 . 2010-06-08 16:10 790528 ----a-w- d:\windows\system32\xvidcore.dll 2010-07-08 19:38 . 2010-06-08 16:10 134144 ----a-w- d:\windows\system32\xvidvfw.dll 2010-07-08 19:38 . 2004-01-25 16:18 217088 ----a-w- d:\windows\system32\yv12vfw.dll 2010-07-08 19:38 . 2010-06-28 08:00 108032 ----a-w- d:\windows\system32\ff_vfw.dll 2010-07-08 19:38 . 2010-07-08 19:39 -------- d-----w- d:\program files\K-Lite Codec Pack 2010-07-07 19:54 . 2010-07-07 19:54 -------- d-----w- d:\documents and settings\All Users\Application Data\InstallShield 2010-07-07 19:43 . 2010-07-07 19:43 271360 ----a-w- d:\windows\system32\drivers\atksgt.sys 2010-07-07 19:43 . 2010-07-07 19:43 18048 ----a-w- d:\windows\system32\drivers\lirsgt.sys 2010-07-07 19:09 . 2010-07-07 21:22 -------- d-----w- d:\program files\Gothic III . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-29 22:38 . 2010-05-18 03:02 -------- d-----w- d:\program files\Steam 2010-07-29 17:18 . 2009-07-30 23:05 -------- d-----w- d:\documents and settings\Doog\Application Data\Skype 2010-07-29 17:16 . 2009-07-30 23:06 -------- d-----w- d:\documents and settings\Doog\Application Data\skypePM 2010-07-29 14:42 . 2009-08-18 04:30 -------- d-----w- d:\program files\Flock 2010-07-27 23:08 . 2009-10-07 20:30 -------- d-----w- d:\documents and settings\Doog\Application Data\Dropbox 2010-07-27 18:07 . 2009-06-28 00:00 1324 ----a-w- d:\windows\system32\d3d9caps.dat 2010-07-27 17:41 . 2009-07-09 18:00 -------- d-----w- d:\documents and settings\Doog\Application Data\uTorrent 2010-07-23 12:29 . 2010-07-23 12:29 1615200 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll 2010-07-23 12:29 . 2010-07-23 12:29 1373536 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll 2010-07-23 12:29 . 2010-07-23 12:29 1107296 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll 2010-07-23 12:29 . 2010-07-23 12:29 4368224 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll 2010-07-22 04:02 . 2009-11-02 22:43 -------- d-----w- d:\documents and settings\Doog\Application Data\NoNameScript 2010-07-22 04:02 . 2009-06-26 03:28 -------- d-----w- d:\program files\mIRC 2010-07-21 18:14 . 2009-08-03 19:57 16 ----a-w- d:\windows\msocreg32.dat 2010-07-19 23:07 . 2009-08-09 16:20 -------- d-----w- d:\documents and settings\Doog\Application Data\Audacity 2010-07-16 12:37 . 2010-07-16 12:37 242896 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys 2010-07-16 12:37 . 2010-07-16 12:37 216200 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys 2010-07-16 12:36 . 2009-06-26 02:01 243024 ----a-w- d:\windows\system32\drivers\avgtdix.sys 2010-07-16 12:34 . 2010-07-16 12:34 813336 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll 2010-07-16 12:34 . 2010-07-16 12:34 624920 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe 2010-07-16 12:34 . 2010-07-16 12:34 1690464 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll 2010-07-16 12:34 . 2010-07-16 12:34 1038688 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe 2010-07-13 04:02 . 2009-06-26 02:41 -------- d-----w- d:\documents and settings\Doog\Application Data\gtk-2.0 2010-07-10 19:26 . 2009-06-28 00:36 -------- d-----w- d:\documents and settings\Doog\Application Data\foobar2000 2010-07-10 19:18 . 2009-06-28 00:35 -------- d-----w- d:\program files\foobar2000 2010-07-08 19:31 . 2010-02-15 22:25 -------- d-----w- d:\program files\AllToAVI 2010-07-07 21:04 . 2009-06-25 20:35 -------- d--h--w- d:\program files\InstallShield Installation Information 2010-07-07 19:54 . 2009-06-25 20:33 -------- d-----w- d:\program files\Common Files\InstallShield 2010-07-07 17:20 . 2009-07-10 17:39 -------- d-----w- d:\documents and settings\All Users\Application Data\Soulseek 2010-06-19 01:24 . 2010-06-19 01:24 -------- d-----w- d:\documents and settings\Doog\Application Data\PlayFirst 2010-06-19 01:24 . 2010-06-19 01:24 -------- d-----w- d:\documents and settings\All Users\Application Data\PlayFirst 2010-06-19 01:23 . 2010-06-19 01:23 -------- d-----w- d:\program files\Tasty Planet 2010-06-19 01:22 . 2010-06-19 01:22 -------- d-----w- d:\program files\ReflexiveArcade 2010-06-13 18:57 . 2010-06-13 18:57 -------- d-----w- d:\program files\Common Files\Skype 2010-06-12 14:33 . 2010-06-12 04:56 -------- d-----w- d:\program files\VSO 2010-06-12 14:33 . 2010-06-12 04:57 -------- d-----w- d:\documents and settings\Doog\Application Data\Vso 2010-06-12 06:11 . 2010-06-12 06:11 -------- d-----w- d:\documents and settings\All Users\Application Data\vsosdk 2010-06-12 05:11 . 2010-06-12 04:57 47360 ----a-w- d:\windows\system32\drivers\pcouffin.sys 2010-06-12 05:11 . 2010-06-12 04:57 47360 ----a-w- d:\documents and settings\Doog\Application Data\pcouffin.sys 2010-06-12 05:11 . 2010-06-12 04:57 47360 ----a-w- d:\documents and settings\Doog\Application Data\pcouffin.sys 2010-06-04 14:33 . 2010-06-03 18:27 1327 ----a-w- d:\windows\EntPack.dat 2010-06-02 12:47 . 2009-06-26 02:00 29584 ----a-w- d:\windows\system32\drivers\avgmfx86.sys 2010-06-02 04:59 . 2009-11-05 02:15 -------- d-----w- d:\program files\DOSBox-0.73 2010-05-22 05:41 . 2010-05-22 05:41 4096 ----a-w- d:\windows\d3dx.dat 2010-05-19 20:24 . 2010-05-19 20:24 444952 ----a-w- d:\windows\system32\wrap_oal.dll 2010-05-19 20:24 . 2010-05-19 20:24 109080 ----a-w- d:\windows\system32\OpenAL32.dll 2010-05-02 20:35 . 2010-05-02 20:35 56532 ---ha-w- d:\windows\system32\mlfcache.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- d:\documents and settings\Doog\Application Data\Dropbox\bin\DropboxExt.13.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- d:\documents and settings\Doog\Application Data\Dropbox\bin\DropboxExt.13.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- d:\documents and settings\Doog\Application Data\Dropbox\bin\DropboxExt.13.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "d:\program files\NetMeter\NetMeter.exe"="d:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264] "Google Update"="d:\documents and settings\Doog\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-25 133104] "Aim"="d:\program files\AIM\aim.exe" [2010-05-13 3823960] "Skype"="d:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="d:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352] "TdspMa"="d:\program files\IRXON\Total Wireless\panel\TdspMa.exe" [2008-05-16 106496] "SafeSex_To Do List"="d:\program files\SafeSex\safesex.exe" [2002-12-20 26624] "SafeSex_ss notes"="d:\program files\SafeSex\safesex.exe" [2002-12-20 26624] "NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2008-09-18 13574144] "amd_dc_opt"="d:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "SafeSex_iPod"="d:\program files\SafeSex\safesex.exe" [2002-12-20 26624] "AVG9_TRAY"="d:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760] "KPDrv4XP"="d:\progra~1\MICROI~1\INTERN~1\KPDrv4XP.EXE" [2010-03-21 40960] "SafeSex_beep"="d:\program files\SafeSex\safesex.exe" [2002-12-20 26624] "ISUSPM Startup"="d:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184] "ISUSScheduler"="d:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 01000000 "NoLogoff"= 01000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-07-16 12:36 12536 ----a-w- d:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "midi4"=ma_cmidn.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk] path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk backup=d:\windows\pss\Privoxy.lnkCommon Startup [HKLM\~\startupfolder\D:^Documents and Settings^Doog^Start Menu^Programs^Startup^Dropbox.lnk] path=d:\documents and settings\Doog\Start Menu\Programs\Startup\Dropbox.lnk backup=d:\windows\pss\Dropbox.lnkStartup [HKLM\~\startupfolder\D:^Documents and Settings^Doog^Start Menu^Programs^Startup^MagicDisc.lnk] path=d:\documents and settings\Doog\Start Menu\Programs\Startup\MagicDisc.lnk backup=d:\windows\pss\MagicDisc.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-06-27 23:03 152872 ----a-w- d:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] 2009-06-26 00:54 321344 ----a-w- d:\program files\DNA\btdna.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2009-06-25 21:05 133104 ----atw- d:\documents and settings\Doog\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-11-12 21:33 141600 ----a-w- d:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing] 2009-12-03 17:04 3118344 ----a-w- d:\program files\TechSmith\Jing\Jing.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KEMailKb] 2010-03-21 01:37 401408 ----a-w- d:\progra~1\MICROI~1\INTERN~1\KEMailKb.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager] 2007-02-02 06:01 120368 ----a-w- d:\progra~1\Lenovo\LENOVO~1\LPMGR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 19:57 153136 ----a-w- d:\program files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2008-09-18 03:55 13574144 ----a-w- d:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2008-09-18 03:55 86016 ----a-w- d:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2008-09-18 03:55 1657376 ----a-w- d:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray] 2009-09-12 05:34 2524416 ----a-w- d:\program files\OO Software\Defrag\oodtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb] 2009-07-16 22:29 510416 ----a-w- d:\program files\Orb Networks\Orb\bin\OrbTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-11 04:08 417792 ----a-w- d:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeSex_Alex ToDo] 2002-12-20 23:59 26624 ----a-w- d:\program files\SafeSex\safesex.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeSex_ARC] 2002-12-20 23:59 26624 ----a-w- d:\program files\SafeSex\safesex.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeSex_safesex] 2002-12-20 23:59 26624 ----a-w- d:\program files\SafeSex\safesex.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeSex_Things I'd Like to Have] 2002-12-20 23:59 26624 ----a-w- d:\program files\SafeSex\safesex.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeSex_when you're done checking your sites] 2002-12-20 23:59 26624 ----a-w- d:\program files\SafeSex\safesex.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeSex_wish list] 2002-12-20 23:59 26624 ----a-w- d:\program files\SafeSex\safesex.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeSex_would you mind cleaning up the room] 2002-12-20 23:59 26624 ----a-w- d:\program files\SafeSex\safesex.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2010-05-13 20:12 26192168 ----a-r- d:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2010-05-18 03:03 1238352 ----a-w- d:\program files\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-10-11 09:17 149280 ----a-w- d:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia] 2009-07-12 01:32 5113430 ----a-w- d:\program files\Vidalia Bundle\Vidalia\vidalia.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2003-04-02 02:20 12288 ----a-w- d:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "avg8wd"=3 (0x3) "avg8emc"=2 (0x2) "iPod Service"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "d:\\Program Files\\BitBlinder\\BitBlinder.exe"= "d:\\Program Files\\DNA\\btdna.exe"= "d:\\Program Files\\mIRC\\mirc.exe"= "d:\\Program Files\\Bonjour\\mDNSResponder.exe"= "d:\\Program Files\\uTorrent\\uTorrent.exe"= "d:\\Program Files\\SoulseekNS\\slsk.exe"= "d:\\WINDOWS\\system32\\dpvsetup.exe"= "d:\\Program Files\\PFPortChecker\\PFPortChecker.exe"= "d:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"= "d:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"= "d:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"= "d:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"= "d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "d:\\Documents and Settings\\Doog\\My Documents\\Downloads\\motepad6\\MotePad.exe"= "d:\\Program Files\\Flock\\flock.exe"= "d:\\Program Files\\BitBlinder\\Tor.exe"= "d:\\Program Files\\Java\\jre6\\bin\\java.exe"= "$INSTDIR\\FlvDetector.exe"= d:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe "d:\\Program Files\\BYOND\\bin\\byond.exe"= "d:\\Program Files\\TightVNC\\WinVNC.exe"= "d:\\Program Files\\Mozilla Firefox\\firefox.exe"= "d:\\Program Files\\GNU\\GnuPG\\gpg-agent.exe"= "d:\\Program Files\\iTunes\\iTunes.exe"= "d:\\WINDOWS\\system32\\mmc.exe"= "d:\\Program Files\\eBay\\Turbo Lister2\\Tl.exe"= "d:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"= "d:\\Program Files\\FileZilla FTP Client\\filezilla.exe"= "d:\\Program Files\\FileZilla FTP Client\\fzsftp.exe"= "d:\\Program Files\\FileZilla FTP Client\\fzputtygen.exe"= "d:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "d:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= "d:\\Program Files\\AIM\\aim.exe"= "d:\\Program Files\\Steam\\Steam.exe"= "d:\\Program Files\\Steam\\steamapps\\common\\world of goo\\WorldOfGoo.exe"= "d:\\Program Files\\Steam\\steamapps\\common\\osmos\\osmos.exe"= "d:\\Program Files\\Steam\\steamapps\\common\\machinarium\\machinarium.exe"= "d:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization iii complete\\Conquests\\Civ3Conquests.exe"= "d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "d:\\Program Files\\Steam\\steamapps\\common\\audiosurf\\engine\\QuestViewer.exe"= "d:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3114:TCP"= 3114:TCP:SlSk "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 R1 AvgTdiX;AVG Free8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys [6/25/2009 10:01 PM 243024] R2 HIDKbFlt;HIDKbFlt.SvcDesc%;d:\windows\system32\drivers\HIDKbFlt.sys [7/25/2005 5:13 AM 23680] R2 Viewpoint Manager Service;Viewpoint Manager Service;d:\program files\Viewpoint\Common\ViewpointService.exe [6/25/2009 5:14 PM 24652] R3 MFCARD;IRXON WLAN and BlueTooth Card;d:\windows\system32\drivers\tdspbus.sys [6/25/2009 8:39 PM 2883968] R3 WLAN3DSPXP;IRXON WLAN Card;d:\windows\system32\drivers\wltbus50.sys [6/25/2009 8:39 PM 161792] S1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\Drivers\avgldx86.sys --> d:\windows\system32\Drivers\avgldx86.sys [?] S2 DirMngr;DirMngr;d:\program files\GNU\GnuPG\dirmngr.exe [9/28/2009 12:15 PM 242176] S2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [6/29/2009 9:47 PM 133104] S3 BTCARD;IRXON Bluetooth Card v2.0;d:\windows\system32\drivers\btcard.sys [6/25/2009 8:39 PM 197376] S3 CEUSBAUD;DigiTech USB MIDI Driver;d:\windows\system32\drivers\ceusbaud.sys [8/3/2009 4:42 PM 17920] S3 Kinetic Books License Service;Kinetic Books License Service;d:\program files\Common Files\Kinetic Books Shared\Service\KineticBooksLicenseService.exe [8/24/2009 12:37 PM 79360] S3 SMC2862W;SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter Driver;d:\windows\system32\DRIVERS\2862WICB.sys --> d:\windows\system32\DRIVERS\2862WICB.sys [?] S4 avg9wd;AVG Free WatchDog;d:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 8:36 AM 308136] . Contents of the 'Scheduled Tasks' folder 2010-07-30 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job - d:\program files\Google\Update\GoogleUpdate.exe [2009-06-30 01:46] 2010-07-30 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job - d:\program files\Google\Update\GoogleUpdate.exe [2009-06-30 01:46] 2010-07-27 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-790525478-725345543-1003Core.job - d:\documents and settings\Doog\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-25 21:05] 2010-07-29 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-790525478-725345543-1003UA.job - d:\documents and settings\Doog\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-25 21:05] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - d:\documents and settings\Doog\Application Data\Mozilla\Firefox\Profiles\19lnv8qr.default\ FF - plugin: d:\documents and settings\Doog\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: d:\program files\BYOND\bin\npbyond.dll FF - plugin: d:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: d:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: d:\program files\Mozilla Firefox\plugins\npdnupdater2.dll FF - plugin: d:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false. ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-30 17:24 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG12.00.00.01PROFESSIONAL"="AB795364F17A9F318C529F99096BA0DE615C022E739CF5E20B6A9B554BA34884777AAC3A5B4 AB6F3606C562A0BD105C6635035DD9ACD16835BCC40492406BABC1303FDFD7BF0CA38C4170C1C503 8 15AAEEB6EFDA2BCE1985ED3CC0923518154C735A94E54D216484C15C4970F661262B3FF79B8D8A94 4 041D4A1832446A1A7E72088720E9F127E07F2074F8C7114028D26BED144FEBC9E127BECC74CFEBC9 E 127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC 4 980AC7933A6171C11EC38DE3D9DB7CE019D40AA5C9DB7CE019D40AA5C0AC47C218BCE8A4EC277FAC D 3EEED65CDE7F53EEE0E19754B9E1242595C46A82742905FE3B4C30C09AF16BB7BE585EF5997D6C81 3 A8FA22D8B5AC9DD660E5EB3CF1BC68958A2E04B6F985FF8182185F2DD4FBCDDF9BE8FB0F6C00446D 2 7FE6FBE069764579B4152BAE4C57AC940EA1F6DA07AED93DB5AD8D90F3CF0E6D8070B542E5BBD844 2 AF60194F04A151025B90C94B72670B67C0255C05A9A875FB99D9A62E83291F5EC63CF356C1F96FDB 4 099FE1FA783E2D5F44FD43DD49AAE11AC34A81CB6BDD5F2DEE81F62CB339E14B008470ECEF077A72 E 1E32B6C319145D46B48356D6953E4DDDEE1151ED92B553EC06DBDAE4BAE8D077B435B789DFA6C5E5 4 FB693125A7FCB62FA19EB7543D85A424761F653A3F673A64408DF4CE4A4EF06DB0D9FB0BB8B6328C D 474EFDF63B4DB359A3CB866689E65A65F4DDDF406F78CDD9599BAFA06AF8F5A73CEC1A5373783B33 D 8FD4667ADE2D7E0DFCB03BD806717E3E8EDAC7B21E52AEDBB8ACC875767F12236BEC4A6C65F4DA17 D 0EE3992AD26DC2270CE3B8748C055CB11B5DD007078F9F3703293D684E4622ED11C7F253675BB1D4 F 0D8F6F0DE6CBE809646D59B5D9C44019E0B878A1EBEB6B5CC51129F96C0FEE0C11F67BDA1344BBA9 C 2F52C6C530377AF332333B83B06C72076E3D6E75E02B8DC59935E3759A631CB626745CB5B776FD3E 9 300DD7C66FA124C1640F84E16F05CA687EF039110C181F55271623281B617A4AB22F9FC89C3B3F3B F 0D4664FEA3C34C4C2AE8C5443A6A6340D31D23698EA6A9D71E748BCB6BBA07D5C4DB946BA30C9F86 1 37F3025074B81B67D2D0C5CF0D402FA5AA1BE51B2DC6286E45BC28D51213944E5041BEE77C7FA8F6 5 526DBD3AD6BD07C8A76C8D87D075A612BC39B6BFB68A971DE5F71F4227A01713AEE3F6C172F561A4 3 4CAD368089B96490340ADC67784EA571484417A7FC4B7EA6DDFC1474A49813B2A322A8EA4D711B2E 8 A2240B3C41D3DB58C279FB52DB3BBE3B7E47C58B574F0DA9677DF57212F1C5E56D65E2523367A02D 0 4D955986E93B5E560B873923CAB3DFD343BB462A23F19F3BDC34E2BD3A164C4E2DB282D6218027A6 4 7CCED0100CB0E9BDDCE17E1031C94" . Completion time: 2010-07-30 17:30:19 ComboFix-quarantined-files.txt 2010-07-30 21:30 ComboFix2.txt 2010-07-29 03:40 Pre-Run: 16,299,896,832 bytes free Post-Run: 16,174,882,816 bytes free - - End Of File - - AF8845124802240E6EE911953A7E7384 DDS would not run, I will try it in safemode and post the results

winsock was what fixed the problem. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:57:08 PM, on 7/29/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\AVG\AVG9\avgchsvx.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Analog Devices\Core\smax4pnp.exe D:\Program Files\IRXON\Total Wireless\panel\TdspMa.exe D:\Program Files\SafeSex\safesex.exe D:\Program Files\SafeSex\safesex.exe D:\Program Files\IRXON\Total Wireless\panel\TdspWB.exe D:\Program Files\SafeSex\safesex.exe D:\PROGRA~1\AVG\AVG9\avgtray.exe D:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE D:\Program Files\SafeSex\safesex.exe D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe D:\Program Files\NetMeter\NetMeter.exe D:\WINDOWS\system32\taskmgr.exe D:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [soundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [TdspMa] D:\Program Files\IRXON\Total Wireless\panel\TdspMa.exe O4 - HKLM\..\Run: [safeSex_To Do List] "D:\Program Files\SafeSex\safesex.exe" /PROFILE=To Do List O4 - HKLM\..\Run: [safeSex_ss notes] "D:\Program Files\SafeSex\safesex.exe" /PROFILE=ss notes O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [amd_dc_opt] D:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [safeSex_iPod] "D:\Program Files\SafeSex\safesex.exe" /PROFILE=iPod O4 - HKLM\..\Run: [AVG9_TRAY] D:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [KPDrv4XP] D:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE O4 - HKLM\..\Run: [safeSex_beep] "D:\Program Files\SafeSex\safesex.exe" /PROFILE=beep O4 - HKLM\..\Run: [iSUSPM Startup] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKCU\..\Run: [D:\Program Files\NetMeter\NetMeter.exe] D:\Program Files\NetMeter\NetMeter.exe O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Doog\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Aim] "D:\Program Files\AIM\aim.exe" /d locale=en-US O4 - HKCU\..\Run: [skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG9\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - D:\WINDOWS\system32\brsvc01a.exe O23 - Service: DirMngr - Unknown owner - D:\Program Files\GNU\GnuPG\dirmngr.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Kinetic Books License Service - Kinetic Books - D:\Program Files\Common Files\Kinetic Books Shared\Service\KineticBooksLicenseService.exe O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - D:\Program Files\OO Software\Defrag\oodag.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 5855 bytes

great, before I ran combofix my internet was being rerouted to fake websites and blocking antivirus sites by the trojan, now my internet is going through the proper channels and I can access malwarebytes from the infected PC now. scan for stjvxn.dll: http://www.virustotal.com/analisis/7d40af4...787a-1280424060

I'm suddenly unable to access the internet at all on the infected computer (although I can connect to my network). Is there a safe way to transfer the file to another computer for uploading?

Combofix results: ComboFix 10-07-27.05 - Doog 07/28/2010 23:22:14.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.563 [GMT -4:00] Running from: d:\documents and settings\Doog\Taskbar Menu\collage\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . d:\documents and settings\Doog\Application Data\BITS d:\documents and settings\Doog\Application Data\BITS\BITS.ini d:\documents and settings\Doog\Application Data\BITS\DHTTable.dat d:\documents and settings\Doog\Application Data\BITS\pl.dat d:\documents and settings\Doog\Application Data\BITS\ProxyList.ini d:\documents and settings\Doog\Application Data\BITS\UPnP.ini d:\documents and settings\Doog\Application Data\FlashGetBHO d:\documents and settings\Doog\Application Data\FlashGetBHO\FlashGetBHO3.dll d:\documents and settings\Doog\Application Data\FlashGetBHO\GetAllUrl.htm d:\documents and settings\Doog\Application Data\FlashGetBHO\GetUrl.htm d:\documents and settings\Doog\Application Data\inst.exe d:\program files\FlashGet Network d:\program files\INSTALL.LOG d:\windows\system32\msippsth.dll d:\windows\system32\msvcsv60.dll d:\windows\system32\secustat.dat d:\windows\system32\skinboxer43.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_TCPIP_PASS-THROUGH_FILTER -------\Service_TCPIP Pass-through Filter ((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-29 ))))))))))))))))))))))))))))))) . 2010-07-27 23:32 . 2010-07-27 23:32 -------- d-----w- d:\documents and settings\Doog\Application Data\Malwarebytes 2010-07-27 23:31 . 2010-04-29 19:39 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys 2010-07-27 23:31 . 2010-07-27 23:31 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware 2010-07-27 23:31 . 2010-07-27 23:31 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes 2010-07-27 23:31 . 2010-04-29 19:39 20952 ----a-w- d:\windows\system32\drivers\mbam.sys 2010-07-27 17:42 . 2010-07-27 17:42 8192 ----a-w- d:\windows\system32\stjxvn.dll 2010-07-22 03:32 . 2010-07-22 03:49 -------- d-----w- d:\windows\system32\Adobe 2010-07-16 12:36 . 2010-07-16 12:36 12536 ----a-w- d:\windows\system32\avgrsstx.dll 2010-07-08 19:38 . 2010-03-15 09:31 165376 ----a-w- d:\windows\system32\unrar.dll 2010-07-08 19:38 . 2010-06-08 16:10 790528 ----a-w- d:\windows\system32\xvidcore.dll 2010-07-08 19:38 . 2010-06-08 16:10 134144 ----a-w- d:\windows\system32\xvidvfw.dll 2010-07-08 19:38 . 2004-01-25 16:18 217088 ----a-w- d:\windows\system32\yv12vfw.dll 2010-07-08 19:38 . 2010-06-28 08:00 108032 ----a-w- d:\windows\system32\ff_vfw.dll 2010-07-08 19:38 . 2010-07-08 19:39 -------- d-----w- d:\program files\K-Lite Codec Pack 2010-07-07 19:54 . 2010-07-07 19:54 -------- d-----w- d:\documents and settings\All Users\Application Data\InstallShield 2010-07-07 19:43 . 2010-07-07 19:43 271360 ----a-w- d:\windows\system32\drivers\atksgt.sys 2010-07-07 19:43 . 2010-07-07 19:43 18048 ----a-w- d:\windows\system32\drivers\lirsgt.sys 2010-07-07 19:09 . 2010-07-07 21:22 -------- d-----w- d:\program files\Gothic III . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-29 03:31 . 2009-07-30 23:05 -------- d-----w- d:\documents and settings\Doog\Application Data\Skype 2010-07-29 03:31 . 2009-07-30 23:06 -------- d-----w- d:\documents and settings\Doog\Application Data\skypePM 2010-07-27 23:08 . 2009-10-07 20:30 -------- d-----w- d:\documents and settings\Doog\Application Data\Dropbox 2010-07-27 23:07 . 2010-05-18 03:02 -------- d-----w- d:\program files\Steam 2010-07-27 18:07 . 2009-06-28 00:00 1324 ----a-w- d:\windows\system32\d3d9caps.dat 2010-07-27 17:41 . 2009-07-09 18:00 -------- d-----w- d:\documents and settings\Doog\Application Data\uTorrent 2010-07-23 12:29 . 2010-07-23 12:29 1615200 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll 2010-07-23 12:29 . 2010-07-23 12:29 1373536 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll 2010-07-23 12:29 . 2010-07-23 12:29 1107296 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll 2010-07-23 12:29 . 2010-07-23 12:29 4368224 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll 2010-07-22 04:02 . 2009-11-02 22:43 -------- d-----w- d:\documents and settings\Doog\Application Data\NoNameScript 2010-07-22 04:02 . 2009-06-26 03:28 -------- d-----w- d:\program files\mIRC 2010-07-21 18:14 . 2009-08-03 19:57 16 ----a-w- d:\windows\msocreg32.dat 2010-07-19 23:07 . 2009-08-09 16:20 -------- d-----w- d:\documents and settings\Doog\Application Data\Audacity 2010-07-16 12:37 . 2010-07-16 12:37 242896 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys 2010-07-16 12:37 . 2010-07-16 12:37 216200 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys 2010-07-16 12:36 . 2009-06-26 02:01 243024 ----a-w- d:\windows\system32\drivers\avgtdix.sys 2010-07-16 12:34 . 2010-07-16 12:34 813336 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll 2010-07-16 12:34 . 2010-07-16 12:34 624920 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe 2010-07-16 12:34 . 2010-07-16 12:34 1690464 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll 2010-07-16 12:34 . 2010-07-16 12:34 1038688 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe 2010-07-13 04:02 . 2009-06-26 02:41 -------- d-----w- d:\documents and settings\Doog\Application Data\gtk-2.0 2010-07-10 19:26 . 2009-06-28 00:36 -------- d-----w- d:\documents and settings\Doog\Application Data\foobar2000 2010-07-10 19:18 . 2009-06-28 00:35 -------- d-----w- d:\program files\foobar2000 2010-07-08 19:31 . 2010-02-15 22:25 -------- d-----w- d:\program files\AllToAVI 2010-07-07 21:04 . 2009-06-25 20:35 -------- d--h--w- d:\program files\InstallShield Installation Information 2010-07-07 19:54 . 2009-06-25 20:33 -------- d-----w- d:\program files\Common Files\InstallShield 2010-07-07 17:20 . 2009-07-10 17:39 -------- d-----w- d:\documents and settings\All Users\Application Data\Soulseek 2010-06-19 01:24 . 2010-06-19 01:24 -------- d-----w- d:\documents and settings\Doog\Application Data\PlayFirst 2010-06-19 01:24 . 2010-06-19 01:24 -------- d-----w- d:\documents and settings\All Users\Application Data\PlayFirst 2010-06-19 01:23 . 2010-06-19 01:23 -------- d-----w- d:\program files\Tasty Planet 2010-06-19 01:22 . 2010-06-19 01:22 -------- d-----w- d:\program files\ReflexiveArcade 2010-06-13 18:57 . 2010-06-13 18:57 -------- d-----w- d:\program files\Common Files\Skype 2010-06-12 14:33 . 2010-06-12 04:56 -------- d-----w- d:\program files\VSO 2010-06-12 14:33 . 2010-06-12 04:57 -------- d-----w- d:\documents and settings\Doog\Application Data\Vso 2010-06-12 06:11 . 2010-06-12 06:11 -------- d-----w- d:\documents and settings\All Users\Application Data\vsosdk 2010-06-12 05:11 . 2010-06-12 04:57 47360 ----a-w- d:\windows\system32\drivers\pcouffin.sys 2010-06-12 05:11 . 2010-06-12 04:57 47360 ----a-w- d:\documents and settings\Doog\Application Data\pcouffin.sys 2010-06-12 05:11 . 2010-06-12 04:57 47360 ----a-w- d:\documents and settings\Doog\Application Data\pcouffin.sys 2010-06-04 14:33 . 2010-06-03 18:27 1327 ----a-w- d:\windows\EntPack.dat 2010-06-02 12:47 . 2009-06-26 02:00 29584 ----a-w- d:\windows\system32\drivers\avgmfx86.sys 2010-06-02 04:59 . 2009-11-05 02:15 -------- d-----w- d:\program files\DOSBox-0.73 2010-05-31 03:46 . 2009-09-04 02:15 -------- d-----w- d:\documents and settings\Doog\Application Data\FileZilla 2010-05-22 05:41 . 2010-05-22 05:41 4096 ----a-w- d:\windows\d3dx.dat 2010-05-19 20:24 . 2010-05-19 20:24 444952 ----a-w- d:\windows\system32\wrap_oal.dll 2010-05-19 20:24 . 2010-05-19 20:24 109080 ----a-w- d:\windows\system32\OpenAL32.dll 2010-05-02 20:35 . 2010-05-02 20:35 56532 ---ha-w- d:\windows\system32\mlfcache.dat 2010-05-01 03:09 . 2009-10-23 02:35 314752 ----a-w- d:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- d:\documents and settings\Doog\Application Data\Dropbox\bin\DropboxExt.13.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- d:\documents and settings\Doog\Application Data\Dropbox\bin\DropboxExt.13.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- d:\documents and settings\Doog\Application Data\Dropbox\bin\DropboxExt.13.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "d:\program files\NetMeter\NetMeter.exe"="d:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264] "Google Update"="d:\documents and settings\Doog\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-25 133104] "Aim"="d:\program files\AIM\aim.exe" [2010-05-13 3823960] "Skype"="d:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="d:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352] "TdspMa"="d:\program files\IRXON\Total Wireless\panel\TdspMa.exe" [2008-05-16 106496] "SafeSex_To Do List"="d:\program files\SafeSex\safesex.exe" [2002-12-20 26624] "SafeSex_ss notes"="d:\program files\SafeSex\safesex.exe" [2002-12-20 26624] "NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2008-09-18 13574144] "amd_dc_opt"="d:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "SafeSex_iPod"="d:\program files\SafeSex\safesex.exe" [2002-12-20 26624] "AVG9_TRAY"="d:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760] "KPDrv4XP"="d:\progra~1\MICROI~1\INTERN~1\KPDrv4XP.EXE" [2010-03-21 40960] "SafeSex_beep"="d:\program files\SafeSex\safesex.exe" [2002-12-20 26624] "ISUSPM Startup"="d:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184] "ISUSScheduler"="d:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 01000000 "NoLogoff"= 01000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-07-16 12:36 12536 ----a-w- d:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "midi4"=ma_cmidn.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk] path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk backup=d:\windows\pss\Privoxy.lnkCommon Startup [HKLM\~\startupfolder\D:^Documents and Settings^Doog^Start Menu^Programs^Startup^Dropbox.lnk] path=d:\documents and settings\Doog\Start Menu\Programs\Startup\Dropbox.lnk backup=d:\windows\pss\Dropbox.lnkStartup [HKLM\~\startupfolder\D:^Documents and Settings^Doog^Start Menu^Programs^Startup^MagicDisc.lnk] path=d:\documents and settings\Doog\Start Menu\Programs\Startup\MagicDisc.lnk backup=d:\windows\pss\MagicDisc.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-06-27 23:03 152872 ----a-w- d:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] 2009-06-26 00:54 321344 ----a-w- d:\program files\DNA\btdna.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2009-06-25 21:05 133104 ----atw- d:\documents and settings\Doog\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-11-12 21:33 141600 ----a-w- d:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing] 2009-12-03 17:04 3118344 ----a-w- d:\program files\TechSmith\Jing\Jing.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KEMailKb] 2010-03-21 01:37 401408 ----a-w- d:\progra~1\MICROI~1\INTERN~1\KEMailKb.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager] 2007-02-02 06:01 120368 ----a-w- d:\progra~1\Lenovo\LENOVO~1\LPMGR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 19:57 153136 ----a-w- d:\program files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2008-09-18 03:55 13574144 ----a-w- d:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2008-09-18 03:55 86016 ----a-w- d:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2008-09-18 03:55 1657376 ----a-w- d:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray] 2009-09-12 05:34 2524416 ----a-w- d:\program files\OO Software\Defrag\oodtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb] 2009-07-16 22:29 510416 ----a-w- d:\program files\Orb Networks\Orb\bin\OrbTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-11 04:08 417792 ----a-w- d:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeSex_Alex ToDo] 2002-12-20 23:59 26624 ----a-w- d:\program files\SafeSex\safesex.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeSex_ARC] 2002-12-20 23:59 26624 ----a-w- d:\program files\SafeSex\safesex.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeSex_safesex] 2002-12-20 23:59 26624 ----a-w- d:\program files\SafeSex\safesex.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeSex_Things I'd Like to Have] 2002-12-20 23:59 26624 ----a-w- d:\program files\SafeSex\safesex.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeSex_when you're done checking your sites] 2002-12-20 23:59 26624 ----a-w- d:\program files\SafeSex\safesex.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeSex_wish list] 2002-12-20 23:59 26624 ----a-w- d:\program files\SafeSex\safesex.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeSex_would you mind cleaning up the room] 2002-12-20 23:59 26624 ----a-w- d:\program files\SafeSex\safesex.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2010-05-13 20:12 26192168 ----a-r- d:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2010-05-18 03:03 1238352 ----a-w- d:\program files\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-10-11 09:17 149280 ----a-w- d:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia] 2009-07-12 01:32 5113430 ----a-w- d:\program files\Vidalia Bundle\Vidalia\vidalia.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2003-04-02 02:20 12288 ----a-w- d:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "avg8wd"=3 (0x3) "avg8emc"=2 (0x2) "iPod Service"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "d:\\Program Files\\BitBlinder\\BitBlinder.exe"= "d:\\Program Files\\DNA\\btdna.exe"= "d:\\Program Files\\mIRC\\mirc.exe"= "d:\\Program Files\\Bonjour\\mDNSResponder.exe"= "d:\\Program Files\\uTorrent\\uTorrent.exe"= "d:\\Program Files\\SoulseekNS\\slsk.exe"= "d:\\WINDOWS\\system32\\dpvsetup.exe"= "d:\\Program Files\\PFPortChecker\\PFPortChecker.exe"= "d:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"= "d:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"= "d:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"= "d:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"= "d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "d:\\Documents and Settings\\Doog\\My Documents\\Downloads\\motepad6\\MotePad.exe"= "d:\\Program Files\\Flock\\flock.exe"= "d:\\Program Files\\BitBlinder\\Tor.exe"= "d:\\Program Files\\Java\\jre6\\bin\\java.exe"= "$INSTDIR\\FlvDetector.exe"= d:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe "d:\\Program Files\\BYOND\\bin\\byond.exe"= "d:\\Program Files\\TightVNC\\WinVNC.exe"= "d:\\Program Files\\Mozilla Firefox\\firefox.exe"= "d:\\Program Files\\GNU\\GnuPG\\gpg-agent.exe"= "d:\\Program Files\\iTunes\\iTunes.exe"= "d:\\WINDOWS\\system32\\mmc.exe"= "d:\\Program Files\\eBay\\Turbo Lister2\\Tl.exe"= "d:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"= "d:\\Program Files\\FileZilla FTP Client\\filezilla.exe"= "d:\\Program Files\\FileZilla FTP Client\\fzsftp.exe"= "d:\\Program Files\\FileZilla FTP Client\\fzputtygen.exe"= "d:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "d:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= "d:\\Program Files\\AIM\\aim.exe"= "d:\\Program Files\\Steam\\Steam.exe"= "d:\\Program Files\\Steam\\steamapps\\common\\world of goo\\WorldOfGoo.exe"= "d:\\Program Files\\Steam\\steamapps\\common\\osmos\\osmos.exe"= "d:\\Program Files\\Steam\\steamapps\\common\\machinarium\\machinarium.exe"= "d:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization iii complete\\Conquests\\Civ3Conquests.exe"= "d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "d:\\Program Files\\Steam\\steamapps\\common\\audiosurf\\engine\\QuestViewer.exe"= "d:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3114:TCP"= 3114:TCP:SlSk "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 R1 AvgTdiX;AVG Free8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys [6/25/2009 10:01 PM 243024] R2 DirMngr;DirMngr;d:\program files\GNU\GnuPG\dirmngr.exe [9/28/2009 12:15 PM 242176] R2 HIDKbFlt;HIDKbFlt.SvcDesc%;d:\windows\system32\drivers\HIDKbFlt.sys [7/25/2005 5:13 AM 23680] R2 Viewpoint Manager Service;Viewpoint Manager Service;d:\program files\Viewpoint\Common\ViewpointService.exe [6/25/2009 5:14 PM 24652] R3 MFCARD;IRXON WLAN and BlueTooth Card;d:\windows\system32\drivers\tdspbus.sys [6/25/2009 8:39 PM 2883968] R3 WLAN3DSPXP;IRXON WLAN Card;d:\windows\system32\drivers\wltbus50.sys [6/25/2009 8:39 PM 161792] S1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\Drivers\avgldx86.sys --> d:\windows\system32\Drivers\avgldx86.sys [?] S2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [6/29/2009 9:47 PM 133104] S3 BTCARD;IRXON Bluetooth Card v2.0;d:\windows\system32\drivers\btcard.sys [6/25/2009 8:39 PM 197376] S3 CEUSBAUD;DigiTech USB MIDI Driver;d:\windows\system32\drivers\ceusbaud.sys [8/3/2009 4:42 PM 17920] S3 Kinetic Books License Service;Kinetic Books License Service;d:\program files\Common Files\Kinetic Books Shared\Service\KineticBooksLicenseService.exe [8/24/2009 12:37 PM 79360] S3 SMC2862W;SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter Driver;d:\windows\system32\DRIVERS\2862WICB.sys --> d:\windows\system32\DRIVERS\2862WICB.sys [?] S4 avg9wd;AVG Free WatchDog;d:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 8:36 AM 308136] . Contents of the 'Scheduled Tasks' folder 2010-07-29 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job - d:\program files\Google\Update\GoogleUpdate.exe [2009-06-30 01:46] 2010-07-29 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job - d:\program files\Google\Update\GoogleUpdate.exe [2009-06-30 01:46] 2010-07-27 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-790525478-725345543-1003Core.job - d:\documents and settings\Doog\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-25 21:05] 2010-07-29 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-790525478-725345543-1003UA.job - d:\documents and settings\Doog\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-25 21:05] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: d:\windows\system32\stjxvn.dll FF - ProfilePath - d:\documents and settings\Doog\Application Data\Mozilla\Firefox\Profiles\19lnv8qr.default\ FF - component: d:\program files\AVG\AVG9\Firefox\components\avgssff.dll FF - plugin: d:\documents and settings\Doog\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: d:\program files\BYOND\bin\npbyond.dll FF - plugin: d:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: d:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: d:\program files\Mozilla Firefox\plugins\npdnupdater2.dll FF - plugin: d:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false. - - - - ORPHANS REMOVED - - - - MSConfigStartUp-AVG8_TRAY - d:\progra~1\AVG\AVG8\avgtray.exe MSConfigStartUp-lsdefrag - d:\docume~1\Doog\LOCALS~1\Temp\creg.exe MSConfigStartUp-Mixersel - d:\windows\temp\mixersel.exe MSConfigStartUp-releaseversion70700 - d:\documents and settings\Doog\Application Data\FFD87CE93F57A26BB566F3AC57290E58\releaseversion70700.exe AddRemove-MakeTorrent 2 - d:\program files\Maketorrent 2\uninstall.exe AddRemove-Sid Meier's Alpha Centauri - i:\doog\Program Files\Firaxis Games\Sid Meier's Alpha Centauri\Uninst.isu ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-28 23:29 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... d:\docume~1\Doog\LOCALS~1\Temp\Perflib_Perfdata_8c.dat 16384 bytes scan completed successfully hidden files: 1 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG12.00.00.01PROFESSIONAL"="AB795364F17A9F318C529F99096BA0DE615C022E739CF5E20B6A9B554BA34884777AAC3A5B4 AB6F3606C562A0BD105C6635035DD9ACD16835BCC40492406BABC1303FDFD7BF0CA38C4170C1C503 8 15AAEEB6EFDA2BCE1985ED3CC0923518154C735A94E54D216484C15C4970F661262B3FF79B8D8A94 4 041D4A1832446A1A7E72088720E9F127E07F2074F8C7114028D26BED144FEBC9E127BECC74CFEBC9 E 127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC 4 980AC7933A6171C11EC38DE3D9DB7CE019D40AA5C9DB7CE019D40AA5C0AC47C218BCE8A4EC277FAC D 3EEED65CDE7F53EEE0E19754B9E1242595C46A82742905FE3B4C30C09AF16BB7BE585EF5997D6C81 3 A8FA22D8B5AC9DD660E5EB3CF1BC68958A2E04B6F985FF8182185F2DD4FBCDDF9BE8FB0F6C00446D 2 7FE6FBE069764579B4152BAE4C57AC940EA1F6DA07AED93DB5AD8D90F3CF0E6D8070B542E5BBD844 2 AF60194F04A151025B90C94B72670B67C0255C05A9A875FB99D9A62E83291F5EC63CF356C1F96FDB 4 099FE1FA783E2D5F44FD43DD49AAE11AC34A81CB6BDD5F2DEE81F62CB339E14B008470ECEF077A72 E 1E32B6C319145D46B48356D6953E4DDDEE1151ED92B553EC06DBDAE4BAE8D077B435B789DFA6C5E5 4 FB693125A7FCB62FA19EB7543D85A424761F653A3F673A64408DF4CE4A4EF06DB0D9FB0BB8B6328C D 474EFDF63B4DB359A3CB866689E65A65F4DDDF406F78CDD9599BAFA06AF8F5A73CEC1A5373783B33 D 8FD4667ADE2D7E0DFCB03BD806717E3E8EDAC7B21E52AEDBB8ACC875767F12236BEC4A6C65F4DA17 D 0EE3992AD26DC2270CE3B8748C055CB11B5DD007078F9F3703293D684E4622ED11C7F253675BB1D4 F 0D8F6F0DE6CBE809646D59B5D9C44019E0B878A1EBEB6B5CC51129F96C0FEE0C11F67BDA1344BBA9 C 2F52C6C530377AF332333B83B06C72076E3D6E75E02B8DC59935E3759A631CB626745CB5B776FD3E 9 300DD7C66FA124C1640F84E16F05CA687EF039110C181F55271623281B617A4AB22F9FC89C3B3F3B F 0D4664FEA3C34C4C2AE8C5443A6A6340D31D23698EA6A9D71E748BCB6BBA07D5C4DB946BA30C9F86 1 37F3025074B81B67D2D0C5CF0D402FA5AA1BE51B2DC6286E45BC28D51213944E5041BEE77C7FA8F6 5 526DBD3AD6BD07C8A76C8D87D075A612BC39B6BFB68A971DE5F71F4227A01713AEE3F6C172F561A4 3 4CAD368089B96490340ADC67784EA571484417A7FC4B7EA6DDFC1474A49813B2A322A8EA4D711B2E 8 A2240B3C41D3DB58C279FB52DB3BBE3B7E47C58B574F0DA9677DF57212F1C5E56D65E2523367A02D 0 4D955986E93B5E560B873923CAB3DFD343BB462A23F19F3BDC34E2BD3A164C4E2DB282D6218027A6 4 7CCED0100CB0E9BDDCE17E1031C94" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(552) d:\windows\system32\stjxvn.dll - - - - - - - > 'explorer.exe'(3840) d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll d:\program files\TortoiseSVN\bin\TortoiseStub.dll d:\program files\TortoiseSVN\bin\TortoiseSVN.dll d:\program files\TortoiseSVN\bin\intl3_tsvn.dll d:\documents and settings\Doog\Application Data\Dropbox\bin\DropboxExt.13.dll d:\windows\system32\WPDShServiceObj.dll d:\windows\system32\PortableDeviceTypes.dll d:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . d:\program files\AVG\AVG9\avgchsvx.exe d:\windows\system32\brss01a.exe d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe d:\program files\Bonjour\mDNSResponder.exe d:\program files\Java\jre6\bin\jqs.exe d:\windows\system32\nvsvc32.exe d:\program files\IRXON\Total Wireless\panel\TdspWB.exe . ************************************************************************** . Completion time: 2010-07-28 23:40:43 - machine was rebooted ComboFix-quarantined-files.txt 2010-07-29 03:40 Pre-Run: 12,733,079,552 bytes free Post-Run: 14,769,647,616 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] d:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 65D60297310CAC1A35A17F47BC6F9ABC

when I run combofix, it tells me that my AVG Anti-Virus Free is active, but I have disabled the service and closed out of all of the processes. That is to say, I am almost entirely positive that I have completely disables AVG. Do you think that combofix is giving me a false positive on AVG, and that it is still safe for me to run it? I believe the virus may have disabled AVG anyway and is simply making it look like it is running.

I was browsing some seedy websites in Google Chrome yesterday, should have known better, but AVG popped up telling me I had gotten some infections and I shut my PC down before too much damage could be had. I've kept my PC in safe mode since, and have done everything under safe mode. First thing I know how to do was open msconfig and look for new startup processes, there were a few (creg.exe and releaseversion70700.exe, along with a randomly named program). According to google, it's the Antimal Doctor virus, although I don't think that I saw any file named Antimal Doctor and since I rebooted to safe mode immediately, I never saw any program window for the virus. Anyway, I deleted the files/folders that I knew were malicious, ran a full AVG scan in safemode which removed some more files, then ran another scan just in D:\Documents and Settings\ and my system folders because those were the only two places it seemed to infect. Second scan yielded no new virus results, but AVG can't be trusted that much. Alright, so at that point I remembered about malwarebytes and that there was a whole process of programs to run to help fix infections, and that's where I started following your instructions: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4052 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 6.0.2900.5512 7/27/2010 10:05:38 PM mbam-log-2010-07-27 (22-05-38).txt Scan type: Full scan (D:\|) Objects scanned: 464143 Time elapsed: 2 hour(s), 22 minute(s), 59 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 2 Registry Data Items Infected: 1 Folders Infected: 1 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\D:\WINDOWS\system32\memman.vxd (Rogue.sysCleaner) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. Folders Infected: D:\Documents and Settings\Doog\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully. Files Infected: D:\Documents and Settings\All Users\Application Data\{5AC06A7F-E1C7-46A4-BA28-5A4B25F3BB23}\OFFLINE\71747601\2302A1E7\memman.vxd (Rogue.sysCleaner) -> Quarantined and deleted successfully. D:\Program Files\Maketorrent 2\uninstall.exe (Password.Stealer) -> Quarantined and deleted successfully. D:\WINDOWS\system32\memman.vxd (Rogue.sysCleaner) -> Quarantined and deleted successfully. ----------------------------------------------------------- DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL Run by Doog at 22:48:32.37 on Tue 07/27/2010 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.748 [GMT -4:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== D:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe D:\WINDOWS\system32\svchost.exe -k netsvcs D:\Program Files\AVG\AVG9\avgchsvx.exe D:\WINDOWS\Explorer.EXE D:\Program Files\TortoiseSVN\bin\TSVNCache.exe H:\dds.com ============== Pseudo HJT Report =============== uInternet Settings,ProxyOverride = *.local BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\program files\avg\avg9\avgssie.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [d:\program files\netmeter\netmeter.exe] d:\program files\netmeter\NetMeter.exe uRun: [Google Update] "d:\documents and settings\doog\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [Aim] "d:\program files\aim\aim.exe" /d locale=en-US uRun: [skype] "d:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe mRun: [soundMAXPnP] d:\program files\analog devices\core\smax4pnp.exe mRun: [soundMAX] "d:\program files\analog devices\soundmax\Smax4.exe" /tray mRun: [TdspMa] d:\program files\irxon\total wireless\panel\TdspMa.exe mRun: [safeSex_To Do List] "d:\program files\safesex\safesex.exe" /PROFILE=To Do List mRun: [safeSex_ss notes] "d:\program files\safesex\safesex.exe" /PROFILE=ss notes mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup mRun: [amd_dc_opt] d:\program files\amd\dual-core optimizer\amd_dc_opt.exe mRun: [safeSex_iPod] "d:\program files\safesex\safesex.exe" /PROFILE=iPod mRun: [AVG9_TRAY] d:\progra~1\avg\avg9\avgtray.exe mRun: [KPDrv4XP] d:\progra~1\microi~1\intern~1\KPDrv4XP.EXE mRun: [safeSex_beep] "d:\program files\safesex\safesex.exe" /PROFILE=beep mRun: [iSUSPM Startup] d:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup mRun: [iSUSScheduler] "d:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [MSConfig] d:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto mRun: [Malwarebytes Anti-Malware (reboot)] "d:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRunOnce: [Malwarebytes' Anti-Malware] d:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent mExplorerRun: [jgyo0w] d:\docume~1\doog\locals~1\temp\19aqp.exe uPolicies-explorer: NoSMHelp = 01000000 uPolicies-explorer: NoLogoff = 01000000 uPolicies-explorer: NoActiveDesktop = 01000000 IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office12\REFIEBAR.DLL LSP: d:\windows\system32\stjxvn.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\program files\avg\avg9\avgpp.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: avgrsstarter - avgrsstx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll Hosts: 0.0.0.0 banner.redhousebanner.com Hosts: 0.0.0.0 picpornium.net ================= FIREFOX =================== FF - ProfilePath - d:\docume~1\doog\applic~1\mozilla\firefox\profiles\19lnv8qr.default\ FF - component: d:\program files\avg\avg9\firefox\components\avgssff.dll FF - plugin: d:\documents and settings\doog\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: d:\program files\byond\bin\npbyond.dll FF - plugin: d:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: d:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: d:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll FF - plugin: d:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: d:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: d:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: d:\program files\mozilla firefox\plugins\npdnupdater2.dll FF - plugin: d:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - HiddenExtension: Adobe Flash Plugin: No Registry Reference - d:\program files\mozilla firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D} FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsed:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R3 MFCARD;IRXON WLAN and BlueTooth Card;d:\windows\system32\drivers\tdspbus.sys [2009-6-25 2883968] S1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys --> d:\windows\system32\drivers\avgldx86.sys [?] S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;d:\windows\system32\drivers\avgmfx86.sys [2009-6-25 29584] S1 AvgTdiX;AVG Free8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys [2009-6-25 243024] S2 avg9wd;AVG Free WatchDog;d:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136] S2 DirMngr;DirMngr;d:\program files\gnu\gnupg\dirmngr.exe [2009-9-28 242176] S2 gupdate;Google Update Service (gupdate);d:\program files\google\update\GoogleUpdate.exe [2009-6-29 133104] S2 HIDKbFlt;HIDKbFlt.SvcDesc%;d:\windows\system32\drivers\HIDKbFlt.sys [2005-7-25 23680] S2 TCPIP Pass-through Filter;TCPIP Pass-through Filter;d:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S2 Viewpoint Manager Service;Viewpoint Manager Service;d:\program files\viewpoint\common\ViewpointService.exe [2009-6-25 24652] S3 BTCARD;IRXON Bluetooth Card v2.0;d:\windows\system32\drivers\btcard.sys [2009-6-25 197376] S3 CEUSBAUD;DigiTech USB MIDI Driver;d:\windows\system32\drivers\ceusbaud.sys [2009-8-3 17920] S3 Kinetic Books License Service;Kinetic Books License Service;d:\program files\common files\kinetic books shared\service\KineticBooksLicenseService.exe [2009-8-24 79360] S3 SMC2862W;SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter Driver;d:\windows\system32\drivers\2862wicb.sys --> d:\windows\system32\drivers\2862WICB.sys [?] S3 WLAN3DSPXP;IRXON WLAN Card;d:\windows\system32\drivers\wltbus50.sys [2009-6-25 161792] =============== Created Last 30 ================ 2010-07-28 02:33:53 0 ----a-w- d:\documents and settings\doog\defogger_reenable 2010-07-27 23:32:04 0 d-----w- d:\docume~1\doog\applic~1\Malwarebytes 2010-07-27 23:31:49 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys 2010-07-27 23:31:47 20952 ----a-w- d:\windows\system32\drivers\mbam.sys 2010-07-27 23:31:47 0 d-----w- d:\program files\Malwarebytes' Anti-Malware 2010-07-27 23:31:47 0 d-----w- d:\docume~1\alluse~1\applic~1\Malwarebytes 2010-07-27 17:42:24 8192 ----a-w- d:\windows\system32\stjxvn.dll 2010-07-27 17:42:23 18944 ----a-w- d:\windows\system32\msippsth.dll 2010-07-22 05:42:32 99988 ----a-w- d:\documents and settings\doog\.recently-used.xbel 2010-07-22 03:32:33 0 d-----w- d:\windows\system32\Adobe 2010-07-16 12:36:40 12536 ----a-w- d:\windows\system32\avgrsstx.dll 2010-07-10 18:11:53 5840 ----a-w- d:\documents and settings\doog\clearos-enterprise-5.1-service-pack-1.iso.dfast1 2010-07-10 18:11:50 73000 ----a-w- d:\documents and settings\doog\clearos-enterprise-5.1-service-pack-1.iso.dfast0 2010-07-08 19:38:28 414 ----a-w- d:\windows\system32\lame_acm.xml 2010-07-08 19:38:28 38 ----a-w- d:\windows\avisplitter.ini 2010-07-08 19:38:28 165376 ----a-w- d:\windows\system32\unrar.dll 2010-07-08 19:38:27 839680 ----a-w- d:\windows\system32\lameACM.acm 2010-07-08 19:38:27 790528 ----a-w- d:\windows\system32\xvidcore.dll 2010-07-08 19:38:27 217088 ----a-w- d:\windows\system32\yv12vfw.dll 2010-07-08 19:38:27 151552 ----a-w- d:\windows\system32\ac3acm.acm 2010-07-08 19:38:27 134144 ----a-w- d:\windows\system32\xvidvfw.dll 2010-07-08 19:38:26 547 ----a-w- d:\windows\system32\ff_vfw.dll.manifest 2010-07-08 19:38:26 108032 ----a-w- d:\windows\system32\ff_vfw.dll 2010-07-08 19:38:24 0 d-----w- d:\program files\K-Lite Codec Pack 2010-07-07 19:54:39 73728 ----a-w- d:\windows\system32\ISUSPM.cpl 2010-07-07 19:43:15 271360 ----a-w- d:\windows\system32\drivers\atksgt.sys 2010-07-07 19:43:14 18048 ----a-w- d:\windows\system32\drivers\lirsgt.sys 2010-07-07 19:09:39 0 d-----w- d:\program files\Gothic III ==================== Find3M ==================== 2010-07-16 12:36:42 243024 ----a-w- d:\windows\system32\drivers\avgtdix.sys 2010-06-12 05:11:49 87608 ----a-w- d:\docume~1\doog\applic~1\inst.exe 2010-06-12 05:11:49 47360 ----a-w- d:\windows\system32\drivers\pcouffin.sys 2010-06-12 05:11:49 47360 ----a-w- d:\docume~1\doog\applic~1\pcouffin.sys 2010-05-22 05:41:08 4096 ----a-w- d:\windows\d3dx.dat 2010-05-19 20:24:45 444952 ----a-w- d:\windows\system32\wrap_oal.dll 2010-05-19 20:24:44 109080 ----a-w- d:\windows\system32\OpenAL32.dll 2010-05-02 20:35:58 56532 ---ha-w- d:\windows\system32\mlfcache.dat 2009-08-15 15:59:46 868 ----a-w- d:\program files\INSTALL.LOG ============= FINISH: 22:49:00.43 =============== GMER would run, but on completing its scan my computer would lock up (screen froze, no mouse movements, did not resolve itself after leaving it for a few hours) so after several attempts I gave up. I do have a HijackThis log that looks like it has some malware entries that were not detected by DDS, and I could look for my initial AVG scan log if you would like. Else, I will wait until further instruction Attach.txt