
Antimal Doctor or some similar infection



I was browsing some seedy websites in Google Chrome yesterday, should have known better, but AVG popped up telling me I had gotten some infections and I shut my PC down before too much damage could be had.

I've kept my PC in safe mode since, and have done everything under safe mode. The first thing I knew how to do was open msconfig and look for new startup processes; there were a few (creg.exe and releaseversion70700.exe, along with a randomly named program). According to Google, it's the Antimal Doctor virus, although I don't think that I saw any file named Antimal Doctor, and since I rebooted to safe mode immediately, I never saw any program window for the virus.

Anyway, I deleted the files/folders that I knew were malicious, ran a full AVG scan in safe mode which removed some more files, then ran another scan just in D:\Documents and Settings\ and my system folders because those were the only two places it seemed to infect. The second scan yielded no new virus results, but AVG can't be trusted that much.

Alright, so at that point I remembered about malwarebytes and that there was a whole process of programs to run to help fix infections, and that's where I started following your instructions:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 6.0.2900.5512

7/27/2010 10:05:38 PM

mbam-log-2010-07-27 (22-05-38).txt

Scan type: Full scan (D:\|)

Objects scanned: 464143

Time elapsed: 2 hour(s), 22 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 2

Registry Data Items Infected: 1

Folders Infected: 1

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\D:\WINDOWS\system32\memman.vxd (Rogue.sysCleaner) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:

D:\Documents and Settings\Doog\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:

D:\Documents and Settings\All Users\Application Data\{5AC06A7F-E1C7-46A4-BA28-5A4B25F3BB23}\OFFLINE\71747601\2302A1E7\memman.vxd (Rogue.sysCleaner) -> Quarantined and deleted successfully.

D:\Program Files\Maketorrent 2\uninstall.exe (Password.Stealer) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\memman.vxd (Rogue.sysCleaner) -> Quarantined and deleted successfully.

-----------------------------------------------------------

DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL

Run by Doog at 22:48:32.37 on Tue 07/27/2010

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.748 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

D:\WINDOWS\system32\svchost.exe -k netsvcs

D:\Program Files\AVG\AVG9\avgchsvx.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\TortoiseSVN\bin\TSVNCache.exe

H:\dds.com

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\program files\avg\avg9\avgssie.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [d:\program files\netmeter\netmeter.exe] d:\program files\netmeter\NetMeter.exe

uRun: [Google Update] "d:\documents and settings\doog\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [Aim] "d:\program files\aim\aim.exe" /d locale=en-US

uRun: [skype] "d:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe

mRun: [soundMAXPnP] d:\program files\analog devices\core\smax4pnp.exe

mRun: [soundMAX] "d:\program files\analog devices\soundmax\Smax4.exe" /tray

mRun: [TdspMa] d:\program files\irxon\total wireless\panel\TdspMa.exe

mRun: [safeSex_To Do List] "d:\program files\safesex\safesex.exe" /PROFILE=To Do List

mRun: [safeSex_ss notes] "d:\program files\safesex\safesex.exe" /PROFILE=ss notes

mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup

mRun: [amd_dc_opt] d:\program files\amd\dual-core optimizer\amd_dc_opt.exe

mRun: [safeSex_iPod] "d:\program files\safesex\safesex.exe" /PROFILE=iPod

mRun: [AVG9_TRAY] d:\progra~1\avg\avg9\avgtray.exe

mRun: [KPDrv4XP] d:\progra~1\microi~1\intern~1\KPDrv4XP.EXE

mRun: [safeSex_beep] "d:\program files\safesex\safesex.exe" /PROFILE=beep

mRun: [iSUSPM Startup] d:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

mRun: [iSUSScheduler] "d:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [MSConfig] d:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto

mRun: [Malwarebytes Anti-Malware (reboot)] "d:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRunOnce: [Malwarebytes' Anti-Malware] d:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

mExplorerRun: [jgyo0w] d:\docume~1\doog\locals~1\temp\19aqp.exe

uPolicies-explorer: NoSMHelp = 01000000

uPolicies-explorer: NoLogoff = 01000000

uPolicies-explorer: NoActiveDesktop = 01000000

IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: d:\windows\system32\stjxvn.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\program files\avg\avg9\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll

Hosts: 0.0.0.0 banner.redhousebanner.com

Hosts: 0.0.0.0 picpornium.net

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\doog\applic~1\mozilla\firefox\profiles\19lnv8qr.default\

FF - component: d:\program files\avg\avg9\firefox\components\avgssff.dll

FF - plugin: d:\documents and settings\doog\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: d:\program files\byond\bin\npbyond.dll

FF - plugin: d:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: d:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: d:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: d:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: d:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: d:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: d:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: d:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - HiddenExtension: Adobe Flash Plugin: No Registry Reference - d:\program files\mozilla firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}

FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsed:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R3 MFCARD;IRXON WLAN and BlueTooth Card;d:\windows\system32\drivers\tdspbus.sys [2009-6-25 2883968]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys --> d:\windows\system32\drivers\avgldx86.sys [?]

S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;d:\windows\system32\drivers\avgmfx86.sys [2009-6-25 29584]

S1 AvgTdiX;AVG Free8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys [2009-6-25 243024]

S2 avg9wd;AVG Free WatchDog;d:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]

S2 DirMngr;DirMngr;d:\program files\gnu\gnupg\dirmngr.exe [2009-9-28 242176]

S2 gupdate;Google Update Service (gupdate);d:\program files\google\update\GoogleUpdate.exe [2009-6-29 133104]

S2 HIDKbFlt;HIDKbFlt.SvcDesc%;d:\windows\system32\drivers\HIDKbFlt.sys [2005-7-25 23680]

S2 TCPIP Pass-through Filter;TCPIP Pass-through Filter;d:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]

S2 Viewpoint Manager Service;Viewpoint Manager Service;d:\program files\viewpoint\common\ViewpointService.exe [2009-6-25 24652]

S3 BTCARD;IRXON Bluetooth Card v2.0;d:\windows\system32\drivers\btcard.sys [2009-6-25 197376]

S3 CEUSBAUD;DigiTech USB MIDI Driver;d:\windows\system32\drivers\ceusbaud.sys [2009-8-3 17920]

S3 Kinetic Books License Service;Kinetic Books License Service;d:\program files\common files\kinetic books shared\service\KineticBooksLicenseService.exe [2009-8-24 79360]

S3 SMC2862W;SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter Driver;d:\windows\system32\drivers\2862wicb.sys --> d:\windows\system32\drivers\2862WICB.sys [?]

S3 WLAN3DSPXP;IRXON WLAN Card;d:\windows\system32\drivers\wltbus50.sys [2009-6-25 161792]

=============== Created Last 30 ================

2010-07-28 02:33:53 0 ----a-w- d:\documents and settings\doog\defogger_reenable

2010-07-27 23:32:04 0 d-----w- d:\docume~1\doog\applic~1\Malwarebytes

2010-07-27 23:31:49 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys

2010-07-27 23:31:47 20952 ----a-w- d:\windows\system32\drivers\mbam.sys

2010-07-27 23:31:47 0 d-----w- d:\program files\Malwarebytes' Anti-Malware

2010-07-27 23:31:47 0 d-----w- d:\docume~1\alluse~1\applic~1\Malwarebytes

2010-07-27 17:42:24 8192 ----a-w- d:\windows\system32\stjxvn.dll

2010-07-27 17:42:23 18944 ----a-w- d:\windows\system32\msippsth.dll

2010-07-22 05:42:32 99988 ----a-w- d:\documents and settings\doog\.recently-used.xbel

2010-07-22 03:32:33 0 d-----w- d:\windows\system32\Adobe

2010-07-16 12:36:40 12536 ----a-w- d:\windows\system32\avgrsstx.dll

2010-07-10 18:11:53 5840 ----a-w- d:\documents and settings\doog\clearos-enterprise-5.1-service-pack-1.iso.dfast1

2010-07-10 18:11:50 73000 ----a-w- d:\documents and settings\doog\clearos-enterprise-5.1-service-pack-1.iso.dfast0

2010-07-08 19:38:28 414 ----a-w- d:\windows\system32\lame_acm.xml

2010-07-08 19:38:28 38 ----a-w- d:\windows\avisplitter.ini

2010-07-08 19:38:28 165376 ----a-w- d:\windows\system32\unrar.dll

2010-07-08 19:38:27 839680 ----a-w- d:\windows\system32\lameACM.acm

2010-07-08 19:38:27 790528 ----a-w- d:\windows\system32\xvidcore.dll

2010-07-08 19:38:27 217088 ----a-w- d:\windows\system32\yv12vfw.dll

2010-07-08 19:38:27 151552 ----a-w- d:\windows\system32\ac3acm.acm

2010-07-08 19:38:27 134144 ----a-w- d:\windows\system32\xvidvfw.dll

2010-07-08 19:38:26 547 ----a-w- d:\windows\system32\ff_vfw.dll.manifest

2010-07-08 19:38:26 108032 ----a-w- d:\windows\system32\ff_vfw.dll

2010-07-08 19:38:24 0 d-----w- d:\program files\K-Lite Codec Pack

2010-07-07 19:54:39 73728 ----a-w- d:\windows\system32\ISUSPM.cpl

2010-07-07 19:43:15 271360 ----a-w- d:\windows\system32\drivers\atksgt.sys

2010-07-07 19:43:14 18048 ----a-w- d:\windows\system32\drivers\lirsgt.sys

2010-07-07 19:09:39 0 d-----w- d:\program files\Gothic III

==================== Find3M ====================

2010-07-16 12:36:42 243024 ----a-w- d:\windows\system32\drivers\avgtdix.sys

2010-06-12 05:11:49 87608 ----a-w- d:\docume~1\doog\applic~1\inst.exe

2010-06-12 05:11:49 47360 ----a-w- d:\windows\system32\drivers\pcouffin.sys

2010-06-12 05:11:49 47360 ----a-w- d:\docume~1\doog\applic~1\pcouffin.sys

2010-05-22 05:41:08 4096 ----a-w- d:\windows\d3dx.dat

2010-05-19 20:24:45 444952 ----a-w- d:\windows\system32\wrap_oal.dll

2010-05-19 20:24:44 109080 ----a-w- d:\windows\system32\OpenAL32.dll

2010-05-02 20:35:58 56532 ---ha-w- d:\windows\system32\mlfcache.dat

2009-08-15 15:59:46 868 ----a-w- d:\program files\INSTALL.LOG

============= FINISH: 22:49:00.43 ===============

GMER would run, but on completing its scan my computer would lock up (screen froze, no mouse movements, did not resolve itself after leaving it for a few hours) so after several attempts I gave up. I do have a HijackThis log that looks like it has some malware entries that were not detected by DDS, and I could look for my initial AVG scan log if you would like. Else, I will wait until further instruction :)

Attach.txt

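To make a log like the one above quicker to triage, here is an added Python example (not Malwarebytes' code and not part of this thread) that parses the MBAM 1.x plain-text layout: the header key/value lines, the "<Section> Infected: N" totals, and the itemised "path (DetectionName) -> action" lines. It cross-checks the declared totals against the items actually listed and flags registry findings that sit in autostart locations, which are the entries worth re-checking after a cleanup. The embedded log is a constructed excerpt modelled on the post above, with one of the three "Files Infected" lines deliberately left out so the count check has something to report; the autostart marker list is a heuristic assumption, not something MBAM itself reports.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x scan log and triage its findings."""
import re

# Constructed excerpt modelled on the MBAM 1.46 log in the post above.
# Raw string so the backslashes in registry and file paths survive intact.
# The header says "Files Infected: 3" but only two file lines are included,
# on purpose, so count_mismatches() below reports the discrepancy.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052
Windows 5.1.2600 Service Pack 3 (Safe Mode)

Scan type: Full scan (D:\|)
Objects scanned: 464143

Memory Processes Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\D:\WINDOWS\system32\memman.vxd (Rogue.sysCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
D:\Documents and Settings\Doog\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
D:\Documents and Settings\All Users\Application Data\{5AC06A7F-E1C7-46A4-BA28-5A4B25F3BB23}\OFFLINE\71747601\2302A1E7\memman.vxd (Rogue.sysCleaner) -> Quarantined and deleted successfully.
D:\Program Files\Maketorrent 2\uninstall.exe (Password.Stealer) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^(?P<section>.+ Infected):$")            # "Files Infected:"
SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")  # "Files Infected: 3"
HEADER_RE = re.compile(r"^(?P<key>[^:]+): (?P<value>.+)$")           # "Database version: 4052"
# Non-greedy path so "(x86)" inside a path is not mistaken for the detection name;
# the action keeps everything after the first "-> ", including "Bad: (0) Good: (1) -> ...".
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")

# Heuristic list (assumption, not from MBAM): registry locations that start code at logon.
AUTOSTART_MARKERS = (
    r"\currentversion\run",        # Run, RunOnce, RunServices...
    r"\policies\explorer\run",
    r"\winlogon\notify",
    r"\shellserviceobjectdelayload",
    r"\browser helper objects",
)


def parse_mbam_log(text):
    """Return {'header': {...}, 'summary': {section: count}, 'sections': {section: [items]}}."""
    report = {"header": {}, "summary": {}, "sections": {}}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:  # start of an itemised block
            current = m.group("section")
            report["sections"][current] = []
            continue
        m = SUMMARY_RE.match(line)
        if m:  # declared total for a section
            report["summary"][m.group("section")] = int(m.group("count"))
            continue
        if current is None:  # still in the header block
            m = HEADER_RE.match(line)
            if m:
                report["header"][m.group("key")] = m.group("value")
            continue
        if line == "(No malicious items detected)":
            continue
        m = ITEM_RE.match(line)
        item = m.groupdict() if m else {"path": line, "family": None, "action": None}
        report["sections"][current].append(item)
    return report


def count_mismatches(report):
    """{section: (declared, listed)} for every section whose total disagrees with its item list."""
    out = {}
    for section, declared in report["summary"].items():
        listed = len(report["sections"].get(section, []))
        if declared != listed:
            out[section] = (declared, listed)
    return out


def families(report):
    """Distinct detection names across all sections, with the number of items for each."""
    counts = {}
    for items in report["sections"].values():
        for item in items:
            if item["family"]:
                counts[item["family"]] = counts.get(item["family"], 0) + 1
    return counts


def persistence_items(report):
    """Registry findings located in an autostart path (re-check these after the cleanup reboot)."""
    hits = []
    for section, items in report["sections"].items():
        if not section.startswith("Registry"):
            continue
        for item in items:
            low = item["path"].lower()
            if any(marker in low for marker in AUTOSTART_MARKERS):
                hits.append(item["path"])
    return hits


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("Database version:", rep["header"].get("Database version"))
    for fam, n in sorted(families(rep).items()):
        print(f"{n:2d}  {fam}")
    for section, (declared, listed) in count_mismatches(rep).items():
        print(f"WARNING: {section}: header declares {declared}, but {listed} item(s) listed")
    for path in persistence_items(rep):
        print("autostart location touched:", path)
```

Run it against a real mbam-log-*.txt by reading the file into `parse_mbam_log` instead of `SAMPLE_LOG`; a count mismatch usually means the log was truncated when pasted, which is worth knowing before a helper works from it.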

Hi Frank and welcome to the forums.

My name is Dave. I would be glad to take a look at your log and help you with solving any malware problems. The logs that we ask for can sometimes take a while to research so please be patient and I'd be grateful if you would note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Malware and the removal process can pose a risk of data loss. Also, with some infections we may advise you to reformat and re-install Windows. I recommend you make a backup of any data that you have created, such as documents, pictures, music, etc... before we begin the fix if possible.

++++++++++++++

Please run this tool in Normal Mode if possible.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


When I run ComboFix, it tells me that my AVG Anti-Virus Free is active, but I have disabled the service and closed out of all of the processes. That is to say, I am almost entirely positive that I have completely disabled AVG. Do you think that ComboFix is giving me a false positive on AVG, and that it is still safe for me to run it? I believe the virus may have disabled AVG anyway and is simply making it look like it is running.


Combofix results:

ComboFix 10-07-27.05 - Doog 07/28/2010 23:22:14.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.563 [GMT -4:00]

Running from: d:\documents and settings\Doog\Taskbar Menu\collage\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

d:\documents and settings\Doog\Application Data\BITS

d:\documents and settings\Doog\Application Data\BITS\BITS.ini

d:\documents and settings\Doog\Application Data\BITS\DHTTable.dat

d:\documents and settings\Doog\Application Data\BITS\pl.dat

d:\documents and settings\Doog\Application Data\BITS\ProxyList.ini

d:\documents and settings\Doog\Application Data\BITS\UPnP.ini

d:\documents and settings\Doog\Application Data\FlashGetBHO

d:\documents and settings\Doog\Application Data\FlashGetBHO\FlashGetBHO3.dll

d:\documents and settings\Doog\Application Data\FlashGetBHO\GetAllUrl.htm

d:\documents and settings\Doog\Application Data\FlashGetBHO\GetUrl.htm

d:\documents and settings\Doog\Application Data\inst.exe

d:\program files\FlashGet Network

d:\program files\INSTALL.LOG

d:\windows\system32\msippsth.dll

d:\windows\system32\msvcsv60.dll

d:\windows\system32\secustat.dat

d:\windows\system32\skinboxer43.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_TCPIP_PASS-THROUGH_FILTER

-------\Service_TCPIP Pass-through Filter

((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-29 )))))))))))))))))))))))))))))))

.

2010-07-27 23:32 . 2010-07-27 23:32 -------- d-----w- d:\documents and settings\Doog\Application Data\Malwarebytes

2010-07-27 23:31 . 2010-04-29 19:39 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys

2010-07-27 23:31 . 2010-07-27 23:31 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware

2010-07-27 23:31 . 2010-07-27 23:31 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-27 23:31 . 2010-04-29 19:39 20952 ----a-w- d:\windows\system32\drivers\mbam.sys

2010-07-27 17:42 . 2010-07-27 17:42 8192 ----a-w- d:\windows\system32\stjxvn.dll

2010-07-22 03:32 . 2010-07-22 03:49 -------- d-----w- d:\windows\system32\Adobe

2010-07-16 12:36 . 2010-07-16 12:36 12536 ----a-w- d:\windows\system32\avgrsstx.dll

2010-07-08 19:38 . 2010-03-15 09:31 165376 ----a-w- d:\windows\system32\unrar.dll

2010-07-08 19:38 . 2010-06-08 16:10 790528 ----a-w- d:\windows\system32\xvidcore.dll

2010-07-08 19:38 . 2010-06-08 16:10 134144 ----a-w- d:\windows\system32\xvidvfw.dll

2010-07-08 19:38 . 2004-01-25 16:18 217088 ----a-w- d:\windows\system32\yv12vfw.dll

2010-07-08 19:38 . 2010-06-28 08:00 108032 ----a-w- d:\windows\system32\ff_vfw.dll

2010-07-08 19:38 . 2010-07-08 19:39 -------- d-----w- d:\program files\K-Lite Codec Pack

2010-07-07 19:54 . 2010-07-07 19:54 -------- d-----w- d:\documents and settings\All Users\Application Data\InstallShield

2010-07-07 19:43 . 2010-07-07 19:43 271360 ----a-w- d:\windows\system32\drivers\atksgt.sys

2010-07-07 19:43 . 2010-07-07 19:43 18048 ----a-w- d:\windows\system32\drivers\lirsgt.sys

2010-07-07 19:09 . 2010-07-07 21:22 -------- d-----w- d:\program files\Gothic III

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-29 03:31 . 2009-07-30 23:05 -------- d-----w- d:\documents and settings\Doog\Application Data\Skype

2010-07-29 03:31 . 2009-07-30 23:06 -------- d-----w- d:\documents and settings\Doog\Application Data\skypePM

2010-07-27 23:08 . 2009-10-07 20:30 -------- d-----w- d:\documents and settings\Doog\Application Data\Dropbox

2010-07-27 23:07 . 2010-05-18 03:02 -------- d-----w- d:\program files\Steam

2010-07-27 18:07 . 2009-06-28 00:00 1324 ----a-w- d:\windows\system32\d3d9caps.dat

2010-07-27 17:41 . 2009-07-09 18:00 -------- d-----w- d:\documents and settings\Doog\Application Data\uTorrent

2010-07-23 12:29 . 2010-07-23 12:29 1615200 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll

2010-07-23 12:29 . 2010-07-23 12:29 1373536 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll

2010-07-23 12:29 . 2010-07-23 12:29 1107296 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll

2010-07-23 12:29 . 2010-07-23 12:29 4368224 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll

2010-07-22 04:02 . 2009-11-02 22:43 -------- d-----w- d:\documents and settings\Doog\Application Data\NoNameScript

2010-07-22 04:02 . 2009-06-26 03:28 -------- d-----w- d:\program files\mIRC

2010-07-21 18:14 . 2009-08-03 19:57 16 ----a-w- d:\windows\msocreg32.dat

2010-07-19 23:07 . 2009-08-09 16:20 -------- d-----w- d:\documents and settings\Doog\Application Data\Audacity

2010-07-16 12:37 . 2010-07-16 12:37 242896 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

2010-07-16 12:37 . 2010-07-16 12:37 216200 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys

2010-07-16 12:36 . 2009-06-26 02:01 243024 ----a-w- d:\windows\system32\drivers\avgtdix.sys

2010-07-16 12:34 . 2010-07-16 12:34 813336 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll

2010-07-16 12:34 . 2010-07-16 12:34 624920 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe

2010-07-16 12:34 . 2010-07-16 12:34 1690464 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

2010-07-16 12:34 . 2010-07-16 12:34 1038688 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

2010-07-13 04:02 . 2009-06-26 02:41 -------- d-----w- d:\documents and settings\Doog\Application Data\gtk-2.0

2010-07-10 19:26 . 2009-06-28 00:36 -------- d-----w- d:\documents and settings\Doog\Application Data\foobar2000

2010-07-10 19:18 . 2009-06-28 00:35 -------- d-----w- d:\program files\foobar2000

2010-07-08 19:31 . 2010-02-15 22:25 -------- d-----w- d:\program files\AllToAVI

2010-07-07 21:04 . 2009-06-25 20:35 -------- d--h--w- d:\program files\InstallShield Installation Information

2010-07-07 19:54 . 2009-06-25 20:33 -------- d-----w- d:\program files\Common Files\InstallShield

2010-07-07 17:20 . 2009-07-10 17:39 -------- d-----w- d:\documents and settings\All Users\Application Data\Soulseek

2010-06-19 01:24 . 2010-06-19 01:24 -------- d-----w- d:\documents and settings\Doog\Application Data\PlayFirst

2010-06-19 01:24 . 2010-06-19 01:24 -------- d-----w- d:\documents and settings\All Users\Application Data\PlayFirst

2010-06-19 01:23 . 2010-06-19 01:23 -------- d-----w- d:\program files\Tasty Planet

2010-06-19 01:22 . 2010-06-19 01:22 -------- d-----w- d:\program files\ReflexiveArcade

2010-06-13 18:57 . 2010-06-13 18:57 -------- d-----w- d:\program files\Common Files\Skype

2010-06-12 14:33 . 2010-06-12 04:56 -------- d-----w- d:\program files\VSO

2010-06-12 14:33 . 2010-06-12 04:57 -------- d-----w- d:\documents and settings\Doog\Application Data\Vso

2010-06-12 06:11 . 2010-06-12 06:11 -------- d-----w- d:\documents and settings\All Users\Application Data\vsosdk

2010-06-12 05:11 . 2010-06-12 04:57 47360 ----a-w- d:\windows\system32\drivers\pcouffin.sys

2010-06-12 05:11 . 2010-06-12 04:57 47360 ----a-w- d:\documents and settings\Doog\Application Data\pcouffin.sys

2010-06-12 05:11 . 2010-06-12 04:57 47360 ----a-w- d:\documents and settings\Doog\Application Data\pcouffin.sys

2010-06-04 14:33 . 2010-06-03 18:27 1327 ----a-w- d:\windows\EntPack.dat

2010-06-02 12:47 . 2009-06-26 02:00 29584 ----a-w- d:\windows\system32\drivers\avgmfx86.sys

2010-06-02 04:59 . 2009-11-05 02:15 -------- d-----w- d:\program files\DOSBox-0.73

2010-05-31 03:46 . 2009-09-04 02:15 -------- d-----w- d:\documents and settings\Doog\Application Data\FileZilla

2010-05-22 05:41 . 2010-05-22 05:41 4096 ----a-w- d:\windows\d3dx.dat

2010-05-19 20:24 . 2010-05-19 20:24 444952 ----a-w- d:\windows\system32\wrap_oal.dll

2010-05-19 20:24 . 2010-05-19 20:24 109080 ----a-w- d:\windows\system32\OpenAL32.dll

2010-05-02 20:35 . 2010-05-02 20:35 56532 ---ha-w- d:\windows\system32\mlfcache.dat

2010-05-01 03:09 . 2009-10-23 02:35 314752 ----a-w- d:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- d:\documents and settings\Doog\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- d:\documents and settings\Doog\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- d:\documents and settings\Doog\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"d:\program files\NetMeter\NetMeter.exe"="d:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264]

"Google Update"="d:\documents and settings\Doog\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-25 133104]

"Aim"="d:\program files\AIM\aim.exe" [2010-05-13 3823960]

"Skype"="d:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="d:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352]

"TdspMa"="d:\program files\IRXON\Total Wireless\panel\TdspMa.exe" [2008-05-16 106496]

"SafeSex_To Do List"="d:\program files\SafeSex\safesex.exe" [2002-12-20 26624]

"SafeSex_ss notes"="d:\program files\SafeSex\safesex.exe" [2002-12-20 26624]

"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2008-09-18 13574144]

"amd_dc_opt"="d:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"SafeSex_iPod"="d:\program files\SafeSex\safesex.exe" [2002-12-20 26624]

"AVG9_TRAY"="d:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]

"KPDrv4XP"="d:\progra~1\MICROI~1\INTERN~1\KPDrv4XP.EXE" [2010-03-21 40960]

"SafeSex_beep"="d:\program files\SafeSex\safesex.exe" [2002-12-20 26624]

"ISUSPM Startup"="d:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]

"ISUSScheduler"="d:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 01000000

"NoLogoff"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-16 12:36 12536 ----a-w- d:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"midi4"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]

path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk

backup=d:\windows\pss\Privoxy.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Doog^Start Menu^Programs^Startup^Dropbox.lnk]

path=d:\documents and settings\Doog\Start Menu\Programs\Startup\Dropbox.lnk

backup=d:\windows\pss\Dropbox.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^Doog^Start Menu^Programs^Startup^MagicDisc.lnk]

path=d:\documents and settings\Doog\Start Menu\Programs\Startup\MagicDisc.lnk

backup=d:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-06-27 23:03 152872 ----a-w- d:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

2009-06-26 00:54 321344 ----a-w- d:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-06-25 21:05 133104 ----atw- d:\documents and settings\Doog\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-11-12 21:33 141600 ----a-w- d:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]

2009-12-03 17:04 3118344 ----a-w- d:\program files\TechSmith\Jing\Jing.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KEMailKb]

2010-03-21 01:37 401408 ----a-w- d:\progra~1\MICROI~1\INTERN~1\KEMailKb.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]

2007-02-02 06:01 120368 ----a-w- d:\progra~1\Lenovo\LENOVO~1\LPMGR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 19:57 153136 ----a-w- d:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2008-09-18 03:55 13574144 ----a-w- d:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2008-09-18 03:55 86016 ----a-w- d:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2008-09-18 03:55 1657376 ----a-w- d:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]

2009-09-12 05:34 2524416 ----a-w- d:\program files\OO Software\Defrag\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]

2009-07-16 22:29 510416 ----a-w- d:\program files\Orb Networks\Orb\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-11 04:08 417792 ----a-w- d:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeSex_Alex ToDo]

2002-12-20 23:59 26624 ----a-w- d:\program files\SafeSex\safesex.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeSex_ARC]

2002-12-20 23:59 26624 ----a-w- d:\program files\SafeSex\safesex.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeSex_safesex]

2002-12-20 23:59 26624 ----a-w- d:\program files\SafeSex\safesex.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeSex_Things I'd Like to Have]

2002-12-20 23:59 26624 ----a-w- d:\program files\SafeSex\safesex.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeSex_when you're done checking your sites]

2002-12-20 23:59 26624 ----a-w- d:\program files\SafeSex\safesex.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeSex_wish list]

2002-12-20 23:59 26624 ----a-w- d:\program files\SafeSex\safesex.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeSex_would you mind cleaning up the room]

2002-12-20 23:59 26624 ----a-w- d:\program files\SafeSex\safesex.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-05-13 20:12 26192168 ----a-r- d:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2010-05-18 03:03 1238352 ----a-w- d:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-10-11 09:17 149280 ----a-w- d:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]

2009-07-12 01:32 5113430 ----a-w- d:\program files\Vidalia Bundle\Vidalia\vidalia.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2003-04-02 02:20 12288 ----a-w- d:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"avg8wd"=3 (0x3)

"avg8emc"=2 (0x2)

"iPod Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Program Files\\BitBlinder\\BitBlinder.exe"=

"d:\\Program Files\\DNA\\btdna.exe"=

"d:\\Program Files\\mIRC\\mirc.exe"=

"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"d:\\Program Files\\uTorrent\\uTorrent.exe"=

"d:\\Program Files\\SoulseekNS\\slsk.exe"=

"d:\\WINDOWS\\system32\\dpvsetup.exe"=

"d:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=

"d:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=

"d:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=

"d:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=

"d:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"=

"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"d:\\Documents and Settings\\Doog\\My Documents\\Downloads\\motepad6\\MotePad.exe"=

"d:\\Program Files\\Flock\\flock.exe"=

"d:\\Program Files\\BitBlinder\\Tor.exe"=

"d:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"$INSTDIR\\FlvDetector.exe"= d:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe

"d:\\Program Files\\BYOND\\bin\\byond.exe"=

"d:\\Program Files\\TightVNC\\WinVNC.exe"=

"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"d:\\Program Files\\GNU\\GnuPG\\gpg-agent.exe"=

"d:\\Program Files\\iTunes\\iTunes.exe"=

"d:\\WINDOWS\\system32\\mmc.exe"=

"d:\\Program Files\\eBay\\Turbo Lister2\\Tl.exe"=

"d:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"d:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=

"d:\\Program Files\\FileZilla FTP Client\\fzsftp.exe"=

"d:\\Program Files\\FileZilla FTP Client\\fzputtygen.exe"=

"d:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"d:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"d:\\Program Files\\AIM\\aim.exe"=

"d:\\Program Files\\Steam\\Steam.exe"=

"d:\\Program Files\\Steam\\steamapps\\common\\world of goo\\WorldOfGoo.exe"=

"d:\\Program Files\\Steam\\steamapps\\common\\osmos\\osmos.exe"=

"d:\\Program Files\\Steam\\steamapps\\common\\machinarium\\machinarium.exe"=

"d:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization iii complete\\Conquests\\Civ3Conquests.exe"=

"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"d:\\Program Files\\Steam\\steamapps\\common\\audiosurf\\engine\\QuestViewer.exe"=

"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3114:TCP"= 3114:TCP:SlSk

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 AvgTdiX;AVG Free8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys [6/25/2009 10:01 PM 243024]

R2 DirMngr;DirMngr;d:\program files\GNU\GnuPG\dirmngr.exe [9/28/2009 12:15 PM 242176]

R2 HIDKbFlt;HIDKbFlt.SvcDesc%;d:\windows\system32\drivers\HIDKbFlt.sys [7/25/2005 5:13 AM 23680]

R2 Viewpoint Manager Service;Viewpoint Manager Service;d:\program files\Viewpoint\Common\ViewpointService.exe [6/25/2009 5:14 PM 24652]

R3 MFCARD;IRXON WLAN and BlueTooth Card;d:\windows\system32\drivers\tdspbus.sys [6/25/2009 8:39 PM 2883968]

R3 WLAN3DSPXP;IRXON WLAN Card;d:\windows\system32\drivers\wltbus50.sys [6/25/2009 8:39 PM 161792]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\Drivers\avgldx86.sys --> d:\windows\system32\Drivers\avgldx86.sys [?]

S2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [6/29/2009 9:47 PM 133104]

S3 BTCARD;IRXON Bluetooth Card v2.0;d:\windows\system32\drivers\btcard.sys [6/25/2009 8:39 PM 197376]

S3 CEUSBAUD;DigiTech USB MIDI Driver;d:\windows\system32\drivers\ceusbaud.sys [8/3/2009 4:42 PM 17920]

S3 Kinetic Books License Service;Kinetic Books License Service;d:\program files\Common Files\Kinetic Books Shared\Service\KineticBooksLicenseService.exe [8/24/2009 12:37 PM 79360]

S3 SMC2862W;SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter Driver;d:\windows\system32\DRIVERS\2862WICB.sys --> d:\windows\system32\DRIVERS\2862WICB.sys [?]

S4 avg9wd;AVG Free WatchDog;d:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 8:36 AM 308136]

.

Contents of the 'Scheduled Tasks' folder

2010-07-29 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- d:\program files\Google\Update\GoogleUpdate.exe [2009-06-30 01:46]

2010-07-29 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- d:\program files\Google\Update\GoogleUpdate.exe [2009-06-30 01:46]

2010-07-27 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-790525478-725345543-1003Core.job

- d:\documents and settings\Doog\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-25 21:05]

2010-07-29 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-790525478-725345543-1003UA.job

- d:\documents and settings\Doog\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-25 21:05]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

LSP: d:\windows\system32\stjxvn.dll

FF - ProfilePath - d:\documents and settings\Doog\Application Data\Mozilla\Firefox\Profiles\19lnv8qr.default\

FF - component: d:\program files\AVG\AVG9\Firefox\components\avgssff.dll

FF - plugin: d:\documents and settings\Doog\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: d:\program files\BYOND\bin\npbyond.dll

FF - plugin: d:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: d:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: d:\program files\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: d:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AVG8_TRAY - d:\progra~1\AVG\AVG8\avgtray.exe

MSConfigStartUp-lsdefrag - d:\docume~1\Doog\LOCALS~1\Temp\creg.exe

MSConfigStartUp-Mixersel - d:\windows\temp\mixersel.exe

MSConfigStartUp-releaseversion70700 - d:\documents and settings\Doog\Application Data\FFD87CE93F57A26BB566F3AC57290E58\releaseversion70700.exe

AddRemove-MakeTorrent 2 - d:\program files\Maketorrent 2\uninstall.exe

AddRemove-Sid Meier's Alpha Centauri - i:\doog\Program Files\Firaxis Games\Sid Meier's Alpha Centauri\Uninst.isu

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-28 23:29

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

d:\docume~1\Doog\LOCALS~1\Temp\Perflib_Perfdata_8c.dat 16384 bytes

scan completed successfully

hidden files: 1

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

"OODEFRAG12.00.00.01PROFESSIONAL"="AB795364F17A9F318C529F99096BA0DE615C022E739CF5E20B6A9B554BA34884777AAC3A5B4AB6F3606C562A0BD105C6635035DD9ACD16835BCC40492406BABC1303FDFD7BF0CA38C4170C1C503815AAEEB6EFDA2BCE1985ED3CC0923518154C735A94E54D216484C15C4970F661262B3FF79B8D8A944041D4A1832446A1A7E72088720E9F127E07F2074F8C7114028D26BED144FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3D9DB7CE019D40AA5C9DB7CE019D40AA5C0AC47C218BCE8A4EC277FACD3EEED65CDE7F53EEE0E19754B9E1242595C46A82742905FE3B4C30C09AF16BB7BE585EF5997D6C813A8FA22D8B5AC9DD660E5EB3CF1BC68958A2E04B6F985FF8182185F2DD4FBCDDF9BE8FB0F6C00446D27FE6FBE069764579B4152BAE4C57AC940EA1F6DA07AED93DB5AD8D90F3CF0E6D8070B542E5BBD8442AF60194F04A151025B90C94B72670B67C0255C05A9A875FB99D9A62E83291F5EC63CF356C1F96FDB4099FE1FA783E2D5F44FD43DD49AAE11AC34A81CB6BDD5F2DEE81F62CB339E14B008470ECEF077A72E1E32B6C319145D46B48356D6953E4DDDEE1151ED92B553EC06DBDAE4BAE8D077B435B789DFA6C5E54FB693125A7FCB62FA19EB7543D85A424761F653A3F673A64408DF4CE4A4EF06DB0D9FB0BB8B6328CD474EFDF63B4DB359A3CB866689E65A65F4DDDF406F78CDD9599BAFA06AF8F5A73CEC1A5373783B33D8FD4667ADE2D7E0DFCB03BD806717E3E8EDAC7B21E52AEDBB8ACC875767F12236BEC4A6C65F4DA17D0EE3992AD26DC2270CE3B8748C055CB11B5DD007078F9F3703293D684E4622ED11C7F253675BB1D4F0D8F6F0DE6CBE809646D59B5D9C44019E0B878A1EBEB6B5CC51129F96C0FEE0C11F67BDA1344BBA9C2F52C6C530377AF332333B83B06C72076E3D6E75E02B8DC59935E3759A631CB626745CB5B776FD3E9300DD7C66FA124C1640F84E16F05CA687EF039110C181F55271623281B617A4AB22F9FC89C3B3F3BF0D4664FEA3C34C4C2AE8C5443A6A6340D31D23698EA6A9D71E748BCB6BBA07D5C4DB946BA30C9F86137F3025074B81B67D2D0C5CF0D402FA5AA1BE51B2DC6286E45BC28D51213944E5041BEE77C7FA8F65526DBD3AD6BD07C8A76C8D87D075A612BC39B6BFB68A971DE5F71F4227A01713AEE3F6C172F561A434CAD368089B96490340ADC67784EA571484417A7FC4B7EA6DDFC1474A49813B2A322A8EA4D711B2E8A2240B3C41D3DB58C279FB52DB3BBE3B7E47C58B574F0DA9677DF57212F1C5E56D65E2523367A02D04D955986E93B5E560B873923CAB3DFD343BB462A23F19F3BDC34E2BD3A164C4E2DB282D6218027A647CCED0100CB0E9BDDCE17E1031C94"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(552)

d:\windows\system32\stjxvn.dll

- - - - - - - > 'explorer.exe'(3840)

d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

d:\program files\TortoiseSVN\bin\TortoiseStub.dll

d:\program files\TortoiseSVN\bin\TortoiseSVN.dll

d:\program files\TortoiseSVN\bin\intl3_tsvn.dll

d:\documents and settings\Doog\Application Data\Dropbox\bin\DropboxExt.13.dll

d:\windows\system32\WPDShServiceObj.dll

d:\windows\system32\PortableDeviceTypes.dll

d:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

d:\program files\AVG\AVG9\avgchsvx.exe

d:\windows\system32\brss01a.exe

d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

d:\program files\Bonjour\mDNSResponder.exe

d:\program files\Java\jre6\bin\jqs.exe

d:\windows\system32\nvsvc32.exe

d:\program files\IRXON\Total Wireless\panel\TdspWB.exe

.

**************************************************************************

.

Completion time: 2010-07-28 23:40:43 - machine was rebooted

ComboFix-quarantined-files.txt 2010-07-29 03:40

Pre-Run: 12,733,079,552 bytes free

Post-Run: 14,769,647,616 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

d:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 65D60297310CAC1A35A17F47BC6F9ABC

Please go to http://www.virustotal.com/en/indexf.html

click on Browse, and upload the following file for analysis:

d:\windows\system32\stjxvn.dll

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see. Or you can copy the link to the VT results page if that is easier.

I'm suddenly unable to access the internet at all on the infected computer (although I can connect to my network). Is there a safe way to transfer the file to another computer for uploading?

Have you tried rebooting? Is this with both IE and Firefox?

If rebooting doesn't solve it, we can try this:

WinsockFix to restore internet connectivity.

http://www.spychecker.com/program/winsockxpfix.html

The Winsockfix Utility will:

Just so I know, did you have to run winsockfix, or did simply rebooting fix the internet issue?

Looks like the file is bad. My concern is that it is in your LSP stack and simply removing it will break your internet again. Let's take a look with HijackThis.

Download, run, and post a HijackThis log from the link below.

http://www.trendsecure.com/portal/en-US/_d.../HJTInstall.exe

Click on "Do a system scan and save a log file" button. Post the text from the log file. Do not have HJT fix anything at this point.

Winsock was what fixed the problem.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:57:08 PM, on 7/29/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\AVG\AVG9\avgchsvx.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\Analog Devices\Core\smax4pnp.exe

D:\Program Files\IRXON\Total Wireless\panel\TdspMa.exe

D:\Program Files\SafeSex\safesex.exe

D:\Program Files\SafeSex\safesex.exe

D:\Program Files\IRXON\Total Wireless\panel\TdspWB.exe

D:\Program Files\SafeSex\safesex.exe

D:\PROGRA~1\AVG\AVG9\avgtray.exe

D:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE

D:\Program Files\SafeSex\safesex.exe

D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

D:\Program Files\NetMeter\NetMeter.exe

D:\WINDOWS\system32\taskmgr.exe

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [soundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [TdspMa] D:\Program Files\IRXON\Total Wireless\panel\TdspMa.exe

O4 - HKLM\..\Run: [safeSex_To Do List] "D:\Program Files\SafeSex\safesex.exe" /PROFILE=To Do List

O4 - HKLM\..\Run: [safeSex_ss notes] "D:\Program Files\SafeSex\safesex.exe" /PROFILE=ss notes

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [amd_dc_opt] D:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [safeSex_iPod] "D:\Program Files\SafeSex\safesex.exe" /PROFILE=iPod

O4 - HKLM\..\Run: [AVG9_TRAY] D:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [KPDrv4XP] D:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE

O4 - HKLM\..\Run: [safeSex_beep] "D:\Program Files\SafeSex\safesex.exe" /PROFILE=beep

O4 - HKLM\..\Run: [iSUSPM Startup] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKCU\..\Run: [D:\Program Files\NetMeter\NetMeter.exe] D:\Program Files\NetMeter\NetMeter.exe

O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Doog\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Aim] "D:\Program Files\AIM\aim.exe" /d locale=en-US

O4 - HKCU\..\Run: [skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG9\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - D:\WINDOWS\system32\brsvc01a.exe

O23 - Service: DirMngr - Unknown owner - D:\Program Files\GNU\GnuPG\dirmngr.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Kinetic Books License Service - Kinetic Books - D:\Program Files\Common Files\Kinetic Books Shared\Service\KineticBooksLicenseService.exe

O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - D:\Program Files\OO Software\Defrag\oodag.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 5855 bytes

Doesn't look like combofix was run from the desktop:

d:\documents and settings\Doog\Taskbar Menu\collage\ComboFix.exe

Please drag it from that location to the desktop and do the following:

1. Open Notepad

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
d:\windows\system32\stjxvn.dll

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScriptB-4.gif]

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

  • Combofix.txt
  • A new DDS log. Just DDS.txt.

ComboFix 10-07-30.01 - Doog 07/30/2010 17:17:06.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.659 [GMT -4:00]

Running from: d:\documents and settings\Doog\Desktop\ComboFix.exe

Command switches used :: d:\documents and settings\Doog\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::

"d:\windows\system32\stjxvn.dll"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\reg.reg

d:\windows\system32\stjxvn.dll

.

((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-30 )))))))))))))))))))))))))))))))

.

2010-07-29 18:53 . 2010-07-29 18:53 -------- d-----w- d:\program files\Trend Micro

2010-07-27 23:32 . 2010-07-27 23:32 -------- d-----w- d:\documents and settings\Doog\Application Data\Malwarebytes

2010-07-27 23:31 . 2010-04-29 19:39 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys

2010-07-27 23:31 . 2010-07-27 23:31 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware

2010-07-27 23:31 . 2010-07-27 23:31 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-27 23:31 . 2010-04-29 19:39 20952 ----a-w- d:\windows\system32\drivers\mbam.sys

2010-07-22 03:32 . 2010-07-22 03:49 -------- d-----w- d:\windows\system32\Adobe

2010-07-16 12:36 . 2010-07-16 12:36 12536 ----a-w- d:\windows\system32\avgrsstx.dll

2010-07-08 19:38 . 2010-03-15 09:31 165376 ----a-w- d:\windows\system32\unrar.dll

2010-07-08 19:38 . 2010-06-08 16:10 790528 ----a-w- d:\windows\system32\xvidcore.dll

2010-07-08 19:38 . 2010-06-08 16:10 134144 ----a-w- d:\windows\system32\xvidvfw.dll

2010-07-08 19:38 . 2004-01-25 16:18 217088 ----a-w- d:\windows\system32\yv12vfw.dll

2010-07-08 19:38 . 2010-06-28 08:00 108032 ----a-w- d:\windows\system32\ff_vfw.dll

2010-07-08 19:38 . 2010-07-08 19:39 -------- d-----w- d:\program files\K-Lite Codec Pack

2010-07-07 19:54 . 2010-07-07 19:54 -------- d-----w- d:\documents and settings\All Users\Application Data\InstallShield

2010-07-07 19:43 . 2010-07-07 19:43 271360 ----a-w- d:\windows\system32\drivers\atksgt.sys

2010-07-07 19:43 . 2010-07-07 19:43 18048 ----a-w- d:\windows\system32\drivers\lirsgt.sys

2010-07-07 19:09 . 2010-07-07 21:22 -------- d-----w- d:\program files\Gothic III

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-29 22:38 . 2010-05-18 03:02 -------- d-----w- d:\program files\Steam

2010-07-29 17:18 . 2009-07-30 23:05 -------- d-----w- d:\documents and settings\Doog\Application Data\Skype

2010-07-29 17:16 . 2009-07-30 23:06 -------- d-----w- d:\documents and settings\Doog\Application Data\skypePM

2010-07-29 14:42 . 2009-08-18 04:30 -------- d-----w- d:\program files\Flock

2010-07-27 23:08 . 2009-10-07 20:30 -------- d-----w- d:\documents and settings\Doog\Application Data\Dropbox

2010-07-27 18:07 . 2009-06-28 00:00 1324 ----a-w- d:\windows\system32\d3d9caps.dat

2010-07-27 17:41 . 2009-07-09 18:00 -------- d-----w- d:\documents and settings\Doog\Application Data\uTorrent

2010-07-23 12:29 . 2010-07-23 12:29 1615200 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll

2010-07-23 12:29 . 2010-07-23 12:29 1373536 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll

2010-07-23 12:29 . 2010-07-23 12:29 1107296 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll

2010-07-23 12:29 . 2010-07-23 12:29 4368224 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll

2010-07-22 04:02 . 2009-11-02 22:43 -------- d-----w- d:\documents and settings\Doog\Application Data\NoNameScript

2010-07-22 04:02 . 2009-06-26 03:28 -------- d-----w- d:\program files\mIRC

2010-07-21 18:14 . 2009-08-03 19:57 16 ----a-w- d:\windows\msocreg32.dat

2010-07-19 23:07 . 2009-08-09 16:20 -------- d-----w- d:\documents and settings\Doog\Application Data\Audacity

2010-07-16 12:37 . 2010-07-16 12:37 242896 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

2010-07-16 12:37 . 2010-07-16 12:37 216200 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys

2010-07-16 12:36 . 2009-06-26 02:01 243024 ----a-w- d:\windows\system32\drivers\avgtdix.sys

2010-07-16 12:34 . 2010-07-16 12:34 813336 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll

2010-07-16 12:34 . 2010-07-16 12:34 624920 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe

2010-07-16 12:34 . 2010-07-16 12:34 1690464 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

2010-07-16 12:34 . 2010-07-16 12:34 1038688 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

2010-07-13 04:02 . 2009-06-26 02:41 -------- d-----w- d:\documents and settings\Doog\Application Data\gtk-2.0

2010-07-10 19:26 . 2009-06-28 00:36 -------- d-----w- d:\documents and settings\Doog\Application Data\foobar2000

2010-07-10 19:18 . 2009-06-28 00:35 -------- d-----w- d:\program files\foobar2000

2010-07-08 19:31 . 2010-02-15 22:25 -------- d-----w- d:\program files\AllToAVI

2010-07-07 21:04 . 2009-06-25 20:35 -------- d--h--w- d:\program files\InstallShield Installation Information

2010-07-07 19:54 . 2009-06-25 20:33 -------- d-----w- d:\program files\Common Files\InstallShield

2010-07-07 17:20 . 2009-07-10 17:39 -------- d-----w- d:\documents and settings\All Users\Application Data\Soulseek

2010-06-19 01:24 . 2010-06-19 01:24 -------- d-----w- d:\documents and settings\Doog\Application Data\PlayFirst

2010-06-19 01:24 . 2010-06-19 01:24 -------- d-----w- d:\documents and settings\All Users\Application Data\PlayFirst

2010-06-19 01:23 . 2010-06-19 01:23 -------- d-----w- d:\program files\Tasty Planet

2010-06-19 01:22 . 2010-06-19 01:22 -------- d-----w- d:\program files\ReflexiveArcade

2010-06-13 18:57 . 2010-06-13 18:57 -------- d-----w- d:\program files\Common Files\Skype

2010-06-12 14:33 . 2010-06-12 04:56 -------- d-----w- d:\program files\VSO

2010-06-12 14:33 . 2010-06-12 04:57 -------- d-----w- d:\documents and settings\Doog\Application Data\Vso

2010-06-12 06:11 . 2010-06-12 06:11 -------- d-----w- d:\documents and settings\All Users\Application Data\vsosdk

2010-06-12 05:11 . 2010-06-12 04:57 47360 ----a-w- d:\windows\system32\drivers\pcouffin.sys

2010-06-12 05:11 . 2010-06-12 04:57 47360 ----a-w- d:\documents and settings\Doog\Application Data\pcouffin.sys

2010-06-12 05:11 . 2010-06-12 04:57 47360 ----a-w- d:\documents and settings\Doog\Application Data\pcouffin.sys

2010-06-04 14:33 . 2010-06-03 18:27 1327 ----a-w- d:\windows\EntPack.dat

2010-06-02 12:47 . 2009-06-26 02:00 29584 ----a-w- d:\windows\system32\drivers\avgmfx86.sys

2010-06-02 04:59 . 2009-11-05 02:15 -------- d-----w- d:\program files\DOSBox-0.73

2010-05-22 05:41 . 2010-05-22 05:41 4096 ----a-w- d:\windows\d3dx.dat

2010-05-19 20:24 . 2010-05-19 20:24 444952 ----a-w- d:\windows\system32\wrap_oal.dll

2010-05-19 20:24 . 2010-05-19 20:24 109080 ----a-w- d:\windows\system32\OpenAL32.dll

2010-05-02 20:35 . 2010-05-02 20:35 56532 ---ha-w- d:\windows\system32\mlfcache.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 23:12 86280 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- d:\documents and settings\Doog\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- d:\documents and settings\Doog\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- d:\documents and settings\Doog\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"d:\program files\NetMeter\NetMeter.exe"="d:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264]

"Google Update"="d:\documents and settings\Doog\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-25 133104]

"Aim"="d:\program files\AIM\aim.exe" [2010-05-13 3823960]

"Skype"="d:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="d:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352]

"TdspMa"="d:\program files\IRXON\Total Wireless\panel\TdspMa.exe" [2008-05-16 106496]

"SafeSex_To Do List"="d:\program files\SafeSex\safesex.exe" [2002-12-20 26624]

"SafeSex_ss notes"="d:\program files\SafeSex\safesex.exe" [2002-12-20 26624]

"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2008-09-18 13574144]

"amd_dc_opt"="d:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"SafeSex_iPod"="d:\program files\SafeSex\safesex.exe" [2002-12-20 26624]

"AVG9_TRAY"="d:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]

"KPDrv4XP"="d:\progra~1\MICROI~1\INTERN~1\KPDrv4XP.EXE" [2010-03-21 40960]

"SafeSex_beep"="d:\program files\SafeSex\safesex.exe" [2002-12-20 26624]

"ISUSPM Startup"="d:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]

"ISUSScheduler"="d:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 01000000

"NoLogoff"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-16 12:36 12536 ----a-w- d:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"midi4"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]

path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk

backup=d:\windows\pss\Privoxy.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Doog^Start Menu^Programs^Startup^Dropbox.lnk]

path=d:\documents and settings\Doog\Start Menu\Programs\Startup\Dropbox.lnk

backup=d:\windows\pss\Dropbox.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^Doog^Start Menu^Programs^Startup^MagicDisc.lnk]

path=d:\documents and settings\Doog\Start Menu\Programs\Startup\MagicDisc.lnk

backup=d:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-06-27 23:03 152872 ----a-w- d:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

2009-06-26 00:54 321344 ----a-w- d:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-06-25 21:05 133104 ----atw- d:\documents and settings\Doog\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-11-12 21:33 141600 ----a-w- d:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]

2009-12-03 17:04 3118344 ----a-w- d:\program files\TechSmith\Jing\Jing.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KEMailKb]

2010-03-21 01:37 401408 ----a-w- d:\progra~1\MICROI~1\INTERN~1\KEMailKb.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]

2007-02-02 06:01 120368 ----a-w- d:\progra~1\Lenovo\LENOVO~1\LPMGR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 19:57 153136 ----a-w- d:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2008-09-18 03:55 13574144 ----a-w- d:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2008-09-18 03:55 86016 ----a-w- d:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2008-09-18 03:55 1657376 ----a-w- d:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]

2009-09-12 05:34 2524416 ----a-w- d:\program files\OO Software\Defrag\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]

2009-07-16 22:29 510416 ----a-w- d:\program files\Orb Networks\Orb\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-11 04:08 417792 ----a-w- d:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeSex_Alex ToDo]

2002-12-20 23:59 26624 ----a-w- d:\program files\SafeSex\safesex.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeSex_ARC]

2002-12-20 23:59 26624 ----a-w- d:\program files\SafeSex\safesex.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeSex_safesex]

2002-12-20 23:59 26624 ----a-w- d:\program files\SafeSex\safesex.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeSex_Things I'd Like to Have]

2002-12-20 23:59 26624 ----a-w- d:\program files\SafeSex\safesex.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeSex_when you're done checking your sites]

2002-12-20 23:59 26624 ----a-w- d:\program files\SafeSex\safesex.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeSex_wish list]

2002-12-20 23:59 26624 ----a-w- d:\program files\SafeSex\safesex.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeSex_would you mind cleaning up the room]

2002-12-20 23:59 26624 ----a-w- d:\program files\SafeSex\safesex.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-05-13 20:12 26192168 ----a-r- d:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2010-05-18 03:03 1238352 ----a-w- d:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-10-11 09:17 149280 ----a-w- d:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]

2009-07-12 01:32 5113430 ----a-w- d:\program files\Vidalia Bundle\Vidalia\vidalia.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2003-04-02 02:20 12288 ----a-w- d:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"avg8wd"=3 (0x3)

"avg8emc"=2 (0x2)

"iPod Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Program Files\\BitBlinder\\BitBlinder.exe"=

"d:\\Program Files\\DNA\\btdna.exe"=

"d:\\Program Files\\mIRC\\mirc.exe"=

"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"d:\\Program Files\\uTorrent\\uTorrent.exe"=

"d:\\Program Files\\SoulseekNS\\slsk.exe"=

"d:\\WINDOWS\\system32\\dpvsetup.exe"=

"d:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=

"d:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=

"d:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=

"d:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=

"d:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"=

"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"d:\\Documents and Settings\\Doog\\My Documents\\Downloads\\motepad6\\MotePad.exe"=

"d:\\Program Files\\Flock\\flock.exe"=

"d:\\Program Files\\BitBlinder\\Tor.exe"=

"d:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"$INSTDIR\\FlvDetector.exe"= d:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe

"d:\\Program Files\\BYOND\\bin\\byond.exe"=

"d:\\Program Files\\TightVNC\\WinVNC.exe"=

"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"d:\\Program Files\\GNU\\GnuPG\\gpg-agent.exe"=

"d:\\Program Files\\iTunes\\iTunes.exe"=

"d:\\WINDOWS\\system32\\mmc.exe"=

"d:\\Program Files\\eBay\\Turbo Lister2\\Tl.exe"=

"d:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"d:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=

"d:\\Program Files\\FileZilla FTP Client\\fzsftp.exe"=

"d:\\Program Files\\FileZilla FTP Client\\fzputtygen.exe"=

"d:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"d:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"d:\\Program Files\\AIM\\aim.exe"=

"d:\\Program Files\\Steam\\Steam.exe"=

"d:\\Program Files\\Steam\\steamapps\\common\\world of goo\\WorldOfGoo.exe"=

"d:\\Program Files\\Steam\\steamapps\\common\\osmos\\osmos.exe"=

"d:\\Program Files\\Steam\\steamapps\\common\\machinarium\\machinarium.exe"=

"d:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization iii complete\\Conquests\\Civ3Conquests.exe"=

"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"d:\\Program Files\\Steam\\steamapps\\common\\audiosurf\\engine\\QuestViewer.exe"=

"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3114:TCP"= 3114:TCP:SlSk

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 AvgTdiX;AVG Free8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys [6/25/2009 10:01 PM 243024]

R2 HIDKbFlt;HIDKbFlt.SvcDesc%;d:\windows\system32\drivers\HIDKbFlt.sys [7/25/2005 5:13 AM 23680]

R2 Viewpoint Manager Service;Viewpoint Manager Service;d:\program files\Viewpoint\Common\ViewpointService.exe [6/25/2009 5:14 PM 24652]

R3 MFCARD;IRXON WLAN and BlueTooth Card;d:\windows\system32\drivers\tdspbus.sys [6/25/2009 8:39 PM 2883968]

R3 WLAN3DSPXP;IRXON WLAN Card;d:\windows\system32\drivers\wltbus50.sys [6/25/2009 8:39 PM 161792]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\Drivers\avgldx86.sys --> d:\windows\system32\Drivers\avgldx86.sys [?]

S2 DirMngr;DirMngr;d:\program files\GNU\GnuPG\dirmngr.exe [9/28/2009 12:15 PM 242176]

S2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [6/29/2009 9:47 PM 133104]

S3 BTCARD;IRXON Bluetooth Card v2.0;d:\windows\system32\drivers\btcard.sys [6/25/2009 8:39 PM 197376]

S3 CEUSBAUD;DigiTech USB MIDI Driver;d:\windows\system32\drivers\ceusbaud.sys [8/3/2009 4:42 PM 17920]

S3 Kinetic Books License Service;Kinetic Books License Service;d:\program files\Common Files\Kinetic Books Shared\Service\KineticBooksLicenseService.exe [8/24/2009 12:37 PM 79360]

S3 SMC2862W;SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter Driver;d:\windows\system32\DRIVERS\2862WICB.sys --> d:\windows\system32\DRIVERS\2862WICB.sys [?]

S4 avg9wd;AVG Free WatchDog;d:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 8:36 AM 308136]

.

Contents of the 'Scheduled Tasks' folder

2010-07-30 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- d:\program files\Google\Update\GoogleUpdate.exe [2009-06-30 01:46]

2010-07-30 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- d:\program files\Google\Update\GoogleUpdate.exe [2009-06-30 01:46]

2010-07-27 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-790525478-725345543-1003Core.job

- d:\documents and settings\Doog\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-25 21:05]

2010-07-29 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-790525478-725345543-1003UA.job

- d:\documents and settings\Doog\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-25 21:05]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - d:\documents and settings\Doog\Application Data\Mozilla\Firefox\Profiles\19lnv8qr.default\

FF - plugin: d:\documents and settings\Doog\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: d:\program files\BYOND\bin\npbyond.dll

FF - plugin: d:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: d:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: d:\program files\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: d:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-30 17:24

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

"OODEFRAG12.00.00.01PROFESSIONAL"="AB795364F17A9F318C529F99096BA0DE615C022E739CF5E20B6A9B554BA34884777AAC3A5B4

AB6F3606C562A0BD105C6635035DD9ACD16835BCC40492406BABC1303FDFD7BF0CA38C4170C1C503

8

15AAEEB6EFDA2BCE1985ED3CC0923518154C735A94E54D216484C15C4970F661262B3FF79B8D8A94

4

041D4A1832446A1A7E72088720E9F127E07F2074F8C7114028D26BED144FEBC9E127BECC74CFEBC9

E

127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC

4

980AC7933A6171C11EC38DE3D9DB7CE019D40AA5C9DB7CE019D40AA5C0AC47C218BCE8A4EC277FAC

D

3EEED65CDE7F53EEE0E19754B9E1242595C46A82742905FE3B4C30C09AF16BB7BE585EF5997D6C81

3

A8FA22D8B5AC9DD660E5EB3CF1BC68958A2E04B6F985FF8182185F2DD4FBCDDF9BE8FB0F6C00446D

2

7FE6FBE069764579B4152BAE4C57AC940EA1F6DA07AED93DB5AD8D90F3CF0E6D8070B542E5BBD844

2

AF60194F04A151025B90C94B72670B67C0255C05A9A875FB99D9A62E83291F5EC63CF356C1F96FDB

4

099FE1FA783E2D5F44FD43DD49AAE11AC34A81CB6BDD5F2DEE81F62CB339E14B008470ECEF077A72

E

1E32B6C319145D46B48356D6953E4DDDEE1151ED92B553EC06DBDAE4BAE8D077B435B789DFA6C5E5

4

FB693125A7FCB62FA19EB7543D85A424761F653A3F673A64408DF4CE4A4EF06DB0D9FB0BB8B6328C

D

474EFDF63B4DB359A3CB866689E65A65F4DDDF406F78CDD9599BAFA06AF8F5A73CEC1A5373783B33

D

8FD4667ADE2D7E0DFCB03BD806717E3E8EDAC7B21E52AEDBB8ACC875767F12236BEC4A6C65F4DA17

D

0EE3992AD26DC2270CE3B8748C055CB11B5DD007078F9F3703293D684E4622ED11C7F253675BB1D4

F

0D8F6F0DE6CBE809646D59B5D9C44019E0B878A1EBEB6B5CC51129F96C0FEE0C11F67BDA1344BBA9

C

2F52C6C530377AF332333B83B06C72076E3D6E75E02B8DC59935E3759A631CB626745CB5B776FD3E

9

300DD7C66FA124C1640F84E16F05CA687EF039110C181F55271623281B617A4AB22F9FC89C3B3F3B

F

0D4664FEA3C34C4C2AE8C5443A6A6340D31D23698EA6A9D71E748BCB6BBA07D5C4DB946BA30C9F86

1

37F3025074B81B67D2D0C5CF0D402FA5AA1BE51B2DC6286E45BC28D51213944E5041BEE77C7FA8F6

5

526DBD3AD6BD07C8A76C8D87D075A612BC39B6BFB68A971DE5F71F4227A01713AEE3F6C172F561A4

3

4CAD368089B96490340ADC67784EA571484417A7FC4B7EA6DDFC1474A49813B2A322A8EA4D711B2E

8

A2240B3C41D3DB58C279FB52DB3BBE3B7E47C58B574F0DA9677DF57212F1C5E56D65E2523367A02D

0

4D955986E93B5E560B873923CAB3DFD343BB462A23F19F3BDC34E2BD3A164C4E2DB282D6218027A6

4

7CCED0100CB0E9BDDCE17E1031C94"

.

Completion time: 2010-07-30 17:30:19

ComboFix-quarantined-files.txt 2010-07-30 21:30

ComboFix2.txt 2010-07-29 03:40

Pre-Run: 16,299,896,832 bytes free

Post-Run: 16,174,882,816 bytes free

- - End Of File - - AF8845124802240E6EE911953A7E7384

DDS would not run; I will try it in safe mode and post the results.


I tried running both DDS.scr and DDS.com in normal mode; a cmd window would open and close. I tried running it with "Close on exit" unchecked, which revealed just a blank terminal window, so some part of it just isn't initializing. For what it's worth, I have a new DDS.txt from safe mode:

DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL

Run by Doog at 17:46:04.92 on Fri 07/30/2010

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.750 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

D:\WINDOWS\system32\svchost.exe -k netsvcs

D:\Program Files\AVG\AVG9\avgchsvx.exe

D:\WINDOWS\system32\userinit.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\TortoiseSVN\bin\TSVNCache.exe

D:\Documents and Settings\Doog\Desktop\dds.com

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\program files\avg\avg9\avgssie.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [d:\program files\netmeter\netmeter.exe] d:\program files\netmeter\NetMeter.exe

uRun: [Google Update] "d:\documents and settings\doog\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [Aim] "d:\program files\aim\aim.exe" /d locale=en-US

uRun: [skype] "d:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [soundMAXPnP] d:\program files\analog devices\core\smax4pnp.exe

mRun: [TdspMa] d:\program files\irxon\total wireless\panel\TdspMa.exe

mRun: [safeSex_To Do List] "d:\program files\safesex\safesex.exe" /PROFILE=To Do List

mRun: [safeSex_ss notes] "d:\program files\safesex\safesex.exe" /PROFILE=ss notes

mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup

mRun: [amd_dc_opt] d:\program files\amd\dual-core optimizer\amd_dc_opt.exe

mRun: [safeSex_iPod] "d:\program files\safesex\safesex.exe" /PROFILE=iPod

mRun: [AVG9_TRAY] d:\progra~1\avg\avg9\avgtray.exe

mRun: [KPDrv4XP] d:\progra~1\microi~1\intern~1\KPDrv4XP.EXE

mRun: [safeSex_beep] "d:\program files\safesex\safesex.exe" /PROFILE=beep

mRun: [iSUSPM Startup] d:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

mRun: [iSUSScheduler] "d:\program files\common files\installshield\updateservice\issch.exe" -start

uPolicies-explorer: NoSMHelp = 01000000

uPolicies-explorer: NoLogoff = 01000000

IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office12\REFIEBAR.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\program files\avg\avg9\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\doog\applic~1\mozilla\firefox\profiles\19lnv8qr.default\

FF - plugin: d:\documents and settings\doog\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: d:\program files\byond\bin\npbyond.dll

FF - plugin: d:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: d:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: d:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: d:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: d:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - HiddenExtension: Adobe Flash Plugin: No Registry Reference - d:\program files\mozilla firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}

FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsed:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R3 MFCARD;IRXON WLAN and BlueTooth Card;d:\windows\system32\drivers\tdspbus.sys [2009-6-25 2883968]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys --> d:\windows\system32\drivers\avgldx86.sys [?]

S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;d:\windows\system32\drivers\avgmfx86.sys [2009-6-25 29584]

S1 AvgTdiX;AVG Free8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys [2009-6-25 243024]

S2 DirMngr;DirMngr;d:\program files\gnu\gnupg\dirmngr.exe [2009-9-28 242176]

S2 gupdate;Google Update Service (gupdate);d:\program files\google\update\GoogleUpdate.exe [2009-6-29 133104]

S2 HIDKbFlt;HIDKbFlt.SvcDesc%;d:\windows\system32\drivers\HIDKbFlt.sys [2005-7-25 23680]

S2 Viewpoint Manager Service;Viewpoint Manager Service;d:\program files\viewpoint\common\ViewpointService.exe [2009-6-25 24652]

S3 BTCARD;IRXON Bluetooth Card v2.0;d:\windows\system32\drivers\btcard.sys [2009-6-25 197376]

S3 CEUSBAUD;DigiTech USB MIDI Driver;d:\windows\system32\drivers\ceusbaud.sys [2009-8-3 17920]

S3 Kinetic Books License Service;Kinetic Books License Service;d:\program files\common files\kinetic books shared\service\KineticBooksLicenseService.exe [2009-8-24 79360]

S3 SMC2862W;SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter Driver;d:\windows\system32\drivers\2862wicb.sys --> d:\windows\system32\drivers\2862WICB.sys [?]

S3 WLAN3DSPXP;IRXON WLAN Card;d:\windows\system32\drivers\wltbus50.sys [2009-6-25 161792]

S4 avg9wd;AVG Free WatchDog;d:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]

=============== Created Last 30 ================

2010-07-29 18:53:09 0 d-----w- d:\program files\Trend Micro

2010-07-29 17:15:27 21 ----a-w- d:\windows\S.dirmngr

2010-07-29 03:17:12 0 d-sha-r- D:\cmdcons

2010-07-29 03:11:18 98816 ----a-w- d:\windows\sed.exe

2010-07-29 03:11:18 77312 ----a-w- d:\windows\MBR.exe

2010-07-29 03:11:18 256512 ----a-w- d:\windows\PEV.exe

2010-07-29 03:11:18 161792 ----a-w- d:\windows\SWREG.exe

2010-07-28 02:33:53 0 ----a-w- d:\documents and settings\doog\defogger_reenable

2010-07-27 23:32:04 0 d-----w- d:\docume~1\doog\applic~1\Malwarebytes

2010-07-27 23:31:49 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys

2010-07-27 23:31:47 20952 ----a-w- d:\windows\system32\drivers\mbam.sys

2010-07-27 23:31:47 0 d-----w- d:\program files\Malwarebytes' Anti-Malware

2010-07-27 23:31:47 0 d-----w- d:\docume~1\alluse~1\applic~1\Malwarebytes

2010-07-22 05:42:32 99988 ----a-w- d:\documents and settings\doog\.recently-used.xbel

2010-07-22 03:32:33 0 d-----w- d:\windows\system32\Adobe

2010-07-16 12:36:40 12536 ----a-w- d:\windows\system32\avgrsstx.dll

2010-07-10 18:11:53 5840 ----a-w- d:\documents and settings\doog\clearos-enterprise-5.1-service-pack-1.iso.dfast1

2010-07-10 18:11:50 73000 ----a-w- d:\documents and settings\doog\clearos-enterprise-5.1-service-pack-1.iso.dfast0

2010-07-08 19:38:28 414 ----a-w- d:\windows\system32\lame_acm.xml

2010-07-08 19:38:28 38 ----a-w- d:\windows\avisplitter.ini

2010-07-08 19:38:28 165376 ----a-w- d:\windows\system32\unrar.dll

2010-07-08 19:38:27 839680 ----a-w- d:\windows\system32\lameACM.acm

2010-07-08 19:38:27 790528 ----a-w- d:\windows\system32\xvidcore.dll

2010-07-08 19:38:27 217088 ----a-w- d:\windows\system32\yv12vfw.dll

2010-07-08 19:38:27 151552 ----a-w- d:\windows\system32\ac3acm.acm

2010-07-08 19:38:27 134144 ----a-w- d:\windows\system32\xvidvfw.dll

2010-07-08 19:38:26 547 ----a-w- d:\windows\system32\ff_vfw.dll.manifest

2010-07-08 19:38:26 108032 ----a-w- d:\windows\system32\ff_vfw.dll

2010-07-08 19:38:24 0 d-----w- d:\program files\K-Lite Codec Pack

2010-07-07 19:54:39 73728 ----a-w- d:\windows\system32\ISUSPM.cpl

2010-07-07 19:43:15 271360 ----a-w- d:\windows\system32\drivers\atksgt.sys

2010-07-07 19:43:14 18048 ----a-w- d:\windows\system32\drivers\lirsgt.sys

2010-07-07 19:09:39 0 d-----w- d:\program files\Gothic III

==================== Find3M ====================

2010-07-16 12:36:42 243024 ----a-w- d:\windows\system32\drivers\avgtdix.sys

2010-06-12 05:11:49 47360 ----a-w- d:\windows\system32\drivers\pcouffin.sys

2010-06-12 05:11:49 47360 ----a-w- d:\docume~1\doog\applic~1\pcouffin.sys

2010-05-22 05:41:08 4096 ----a-w- d:\windows\d3dx.dat

2010-05-19 20:24:45 444952 ----a-w- d:\windows\system32\wrap_oal.dll

2010-05-19 20:24:44 109080 ----a-w- d:\windows\system32\OpenAL32.dll

2010-05-02 20:35:58 56532 ---ha-w- d:\windows\system32\mlfcache.dat

============= FINISH: 17:46:41.01 ===============

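The ComboFix and DDS logs above list the same Run-key autostarts in two formats (ComboFix as `"name"="path" [date size]` under a registry header, DDS as `uRun:`/`mRun:` lines), and the ComboFix dump also carries the Security Center override values and the standard-profile `EnableFirewall` setting. What follows is an added example for this thread, not code from ComboFix, DDS or any of the posters: a Python triage script that parses both formats, flags autostarts whose binary lives under a user profile (writable without admin rights, which is where a browser-dropped rogue normally persists), reads the posture values out as booleans, and reports Run entries that appear in only one of the two logs. The sample text embedded at the bottom is constructed to match the posted log formats, and the list of user-profile path markers is my own assumption tuned to the XP layout in the logs.

```python
# Added example for this thread, not part of ComboFix, DDS or the posts above:
# parse Run-key autostarts from both log formats and read out the security posture.
import re
from collections import namedtuple

Entry = namedtuple("Entry", "source hive name path")
_HEADER = re.compile(r"^\[(HK[^\]]+)\]$", re.I)                # [HKEY_...] or [HKLM\~\...]
_CF_RUN = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[[\d-]+\s+\d+\]$')
_CF_VAL = re.compile(r'^"(?P<name>[^"]+)"=\s*(?:dword:)?(?P<val>[0-9a-fA-F]+)')
_DDS_RUN = re.compile(r"^(?P<hive>[um])Run:\s+\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")
_EXE = re.compile(r'^\s*"?(?P<path>[^"]*?\.(?:exe|dll|cpl|scr))(?=["\s,]|$)', re.I)
# Assumption: substrings that place a binary inside a user profile on the XP layout seen in the logs.
USER_PROFILE_MARKERS = ("documents and settings", "docume~1", "\\application data\\",
                        "\\local settings\\", "\\downloads\\", "\\temp\\", "\\desktop\\")

def exe_from_cmd(cmd):
    """Binary launched by a DDS command line; rundll32 lines resolve to the DLL it loads."""
    m = _EXE.match(cmd)
    if not m:
        return cmd.strip()
    path, rest = m.group("path"), cmd[m.end():].lstrip('" ')
    if path.lower().endswith("rundll32.exe") and rest:
        return exe_from_cmd(rest)
    return path

def parse_combofix_run(text):
    """Entries under ...\\CurrentVersion\\Run headers in ComboFix's 'Reg Loading Points'."""
    hive = None
    for line in (l.strip() for l in text.splitlines()):
        h = _HEADER.match(line)
        if h:
            key = h.group(1).lower()
            hive = ("HKCU" if key.startswith("hkey_current_user") else "HKLM") if key.endswith("\\run") else None
            continue
        m = _CF_RUN.match(line)
        if hive and m:
            yield Entry("combofix", hive, m.group("name"), m.group("path"))

def parse_dds_run(text):
    """uRun (HKCU) / mRun (HKLM) entries from a DDS 'Pseudo HJT Report'."""
    for line in text.splitlines():
        m = _DDS_RUN.match(line.strip())
        if m:
            hive = "HKCU" if m.group("hive") == "u" else "HKLM"
            yield Entry("dds", hive, m.group("name"), exe_from_cmd(m.group("cmd")))

def security_posture(text):
    """Security Center override flags and standard-profile EnableFirewall, as booleans."""
    posture, wanted = {}, False
    for line in (l.strip() for l in text.splitlines()):
        h = _HEADER.match(line)
        if h:
            key = h.group(1).lower()
            wanted = key.endswith("security center") or key.endswith("firewallpolicy\\standardprofile")
            continue
        m = _CF_VAL.match(line)
        if wanted and m:
            posture[m.group("name")] = int(m.group("val"), 16) != 0
    return posture

def flag_user_profile(entries):
    """Autostarts whose binary sits in a user profile (writable without admin rights), deduplicated by path."""
    seen, flagged = set(), []
    for e in entries:
        p = e.path.lower()
        if p not in seen and any(mk in p for mk in USER_PROFILE_MARKERS):
            seen.add(p)
            flagged.append(e)
    return flagged

def diff_sources(entries):
    """Paths in one log's Run keys but not the other's (the two logs were taken at different times)."""
    by_src = {}
    for e in entries:
        by_src.setdefault(e.source, set()).add(e.path.lower())
    cf, dds = by_src.get("combofix", set()), by_src.get("dds", set())
    return {"only_in_combofix": sorted(cf - dds), "only_in_dds": sorted(dds - cf)}

def triage(combofix_text, dds_text):
    """One-call summary of the three checks above."""
    entries = list(parse_combofix_run(combofix_text)) + list(parse_dds_run(dds_text))
    return {"user_profile": flag_user_profile(entries), "posture": security_posture(combofix_text),
            "diff": diff_sources(entries)}

# Constructed sample in the format of the ComboFix and DDS logs posted above (not the full logs).
COMBOFIX_SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="d:\documents and settings\Doog\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-25 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""
DDS_SAMPLE = r"""
uRun: [Google Update] "d:\documents and settings\doog\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [TdspMa] d:\program files\irxon\total wireless\panel\TdspMa.exe
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
"""
```

Run over the full logs posted above, `triage()` would report the Google Update entry under the user's profile (a legitimate updater, but the same kind of location a rogue uses), AntiVirusOverride and FirewallOverride set together with EnableFirewall at 0 in the standard profile, and any Run entry present in the 30 July ComboFix run but not in the DDS run from the same afternoon or vice versa. Each flag is a lead for the helper to read against the log, not a verdict: whether the firewall was switched off deliberately is something to ask the poster, not something the script can decide.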

Other than DDS not running this last time, how is the computer running?

Go to the Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
     • Spyware, Adware, Dialers, and other potentially dangerous programs
     • Archives
     • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


On the surface, it's fine. My performance does not seem to be affected (I've been playing Civ3 with no noticeable lag, which I would get if my computer had any less processing power than it does), and netstat doesn't show any malicious internet connections happening.

I don't think that there are any processes running that don't normally start up, but I'm not 100% positive. I typically close everything that isn't necessary whenever I boot up, and I haven't been doing that, to ensure that the scans can catch malicious ones.

I'm downloading Kaspersky right now and will post the AV log when it's done.


--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Saturday, July 31, 2010

Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Friday, July 30, 2010 22:02:59

Records in database: 4191399

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

F:\

G:\

Scan statistics:

Objects scanned: 419859

Threats found: 17

Infected objects found: 36

Suspicious objects found: 0

Scan duration: 06:31:11

File name / Threat / Threats count

D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\2\28c08482-28323482 Infected: Exploit.OSX.Smid.c 1

D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\2\42aa7c82-2306041b Infected: Trojan-Downloader.Java.OpenConnection.at 1

D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\2\42aa7c82-2306041b Infected: Exploit.Java.Agent.f 1

D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\28\7bfbd51c-1c3da304 Infected: Trojan-Downloader.Java.OpenConnection.at 1

D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\28\7bfbd51c-1c3da304 Infected: Exploit.Java.Agent.f 1

D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\29\3c3bc5d-33c7bb55 Infected: Trojan-Downloader.Java.Agent.ea 1

D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\32\2969eda0-37da4439 Infected: Exploit.Java.Agent.a 1

D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\32\2969eda0-37da4439 Infected: Exploit.Java.Agent.f 1

D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\38\67df4166-76c1a510 Infected: Trojan-Downloader.Java.OpenConnection.at 1

D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\38\67df4166-76c1a510 Infected: Exploit.Java.Agent.f 1

D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\49\6b800f31-5cc9692a Infected: Trojan-Downloader.Java.OpenConnection.at 1

D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\49\6b800f31-5cc9692a Infected: Exploit.Java.Agent.f 1

D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\56\45a35b8-6fd94ddf Infected: Trojan-Downloader.Java.Agent.bj 3

D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\58\22f687a-1bdc6396 Infected: Exploit.Java.Agent.f 1

D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\58\22f687a-1bdc6396 Infected: Trojan-Downloader.Java.OpenStream.ad 1

D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\60\59af077c-46a7ae25 Infected: Trojan-Downloader.Java.OpenConnection.at 1

D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\60\59af077c-46a7ae25 Infected: Exploit.Java.Agent.f 1

D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\8\6752cf48-69b83289 Infected: Exploit.Java.Agent.f 1

D:\Documents and Settings\Doog\Application Data\Sun\Java\Deployment\cache\6.0\8\6752cf48-69b83289 Infected: Trojan-Downloader.Java.Agent.fi 2

D:\Documents and Settings\Doog\My Documents\AIM Downloads\old\Dalak.bat Infected: Trojan.BAT.Flood.c 1

D:\Documents and Settings\Doog\My Documents\Downloads\281546_12.rar Infected: HackTool.Win32.Kiser.fm 1

D:\Documents and Settings\Doog\My Documents\Downloads\mirc634.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1

D:\Documents and Settings\Doog\My Documents\Downloads\mirc635.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1

D:\Documents and Settings\Doog\My Documents\Downloads\tightvnc-1.3.10-setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 1

D:\Documents and Settings\Doog\Taskbar Menu\games\mmassacre\Muslim Massacre.exe Infected: Hoax.Win32.BadJoke.Formatter.gf 1

D:\Program Files\mIRC\backups\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1

D:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1

D:\Program Files\mIRC\mirc.exe.BAK Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1

D:\Program Files\mIRC\mirc.old.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1

D:\Program Files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\plug.xul Infected: Trojan-Spy.JS.Agent.a 1

D:\System Volume Information\_restore{E95A30C2-AB03-4C3E-951D-204D4B1049E8}\RP458\A0045684.exe Infected: P2P-Worm.Win32.Agent.afl 1

D:\System Volume Information\_restore{E95A30C2-AB03-4C3E-951D-204D4B1049E8}\RP458\A0045685.sys Infected: Rootkit.Win32.TDSS.ap 1

D:\System Volume Information\_restore{E95A30C2-AB03-4C3E-951D-204D4B1049E8}\RP458\A0049021.exe Infected: Trojan-GameThief.Win32.Tibia.gre 1

Selected area has been scanned.

does it always consider IRC clients to be malicious?


does it always consider IRC clients to be malicious?

Kaspersky does, yes. Just by the nature of mIRC and VNC, which is another false positive, and what they do can make them appear malicious. As long as you know about them then you're okay.

I'm curious about another file that was found. Can you upload it to virustotal as you did earlier and post the results.

D:\Program Files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\plug.xul

Any idea what these are?

D:\Documents and Settings\Doog\My Documents\AIM Downloads\old\Dalak.bat

D:\Documents and Settings\Doog\My Documents\Downloads\281546_12.rar

There's also some infections in your Java cache. See the link on how to remove them.

http://support.f-secure.com/enu/home/virus...javacache.shtml

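A small triage helper for report lines in the Kaspersky "File name / Threat / Threats count" format used above, written as an added example for this thread (not a tool posted or used here): it separates not-a-virus riskware such as mIRC and VNC from restore-point copies, Java cache entries and items that still need a manual look, which is how the reply above sorts the hits. The sample lines are constructed in the report's format, with the user name and GUIDs replaced by placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the Kaspersky Online Scanner 7.0 report format;
# user name and GUIDs are placeholders, not values from a real scan.
SAMPLE_REPORT = """\
D:\\Documents and Settings\\User\\Application Data\\Sun\\Java\\Deployment\\cache\\6.0\\2\\42aa7c82-2306041b Infected: Trojan-Downloader.Java.OpenConnection.at 1
D:\\Documents and Settings\\User\\Application Data\\Sun\\Java\\Deployment\\cache\\6.0\\2\\42aa7c82-2306041b Infected: Exploit.Java.Agent.f 1
D:\\Program Files\\mIRC\\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
D:\\Documents and Settings\\User\\My Documents\\Downloads\\tightvnc-setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 1
D:\\System Volume Information\\_restore{GUID}\\RP458\\A0045685.sys Infected: Rootkit.Win32.TDSS.ap 1
D:\\Program Files\\Mozilla Firefox\\extensions\\{ID}\\chrome\\content\\plug.xul Infected: Trojan-Spy.JS.Agent.a 1
Selected area has been scanned.
"""

# One detection per line: "<path> Infected: <threat name> <count>".
# The path may contain spaces, so it is matched lazily and anchored at the end.
LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

def classify(path, threat):
    """Bucket a detection the way the thread's helper triages them."""
    if threat.startswith("not-a-virus:"):
        return "riskware"        # known tool; fine if you installed it yourself
    if "\\System Volume Information\\" in path:
        return "restore-point"   # old copy; gone once System Restore is reset
    if "\\Sun\\Java\\Deployment\\cache\\" in path:
        return "java-cache"      # cleared by emptying the Java Deployment cache
    return "review"              # unexplained file: check it (e.g. VirusTotal)

def triage(report):
    """Parse report text into {bucket: [(path, threat, count), ...]}."""
    buckets = defaultdict(list)
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skips headers, blank lines and the trailing status line
        path, threat = m.group("path"), m.group("threat")
        buckets[classify(path, threat)].append((path, threat, int(m.group("count"))))
    return dict(buckets)

if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE_REPORT).items():
        print(f"{bucket}: {len(hits)} object(s)")
        for path, threat, count in hits:
            print(f"  {threat} x{count}  {path}")
```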

If I remember correctly, dalak.bat is a batch file that essentially causes an infinite loop of opening itself (or maybe I made sure that it was a finite loop, I can't remember). I made it as an example for a friend, who made it "better" and sent it back to me. I haven't seen that file in years, hah, good memories.

The rar was an old keygen; I've already deleted it. Since you're probably wondering, I no longer use them (and when I used to, I would run them in a networkless locked-down VM).


If I remember correctly, dalak.bat is a batch file that essentially causes an infinite loop of opening itself (or maybe I made sure that it was a finite loop, I can't remember). I made it as an example for a friend, who made it "better" and sent it back to me. I haven't seen that file in years, hah, good memories.

The rar was an old keygen; I've already deleted it. Since you're probably wondering, I no longer use them (and when I used to, I would run them in a networkless locked-down VM).

LOL on the batch file. So you were an aspiring script kiddie at one point in your life? Too funny...

Figured as much on the .rar file.


Interesting? Can't find much on it. It's listed as an Adobe Plugin in your DDS log earlier, but I don't think so...

FF - HiddenExtension: Adobe Flash Plugin: No Registry Reference - d:\program files\mozilla firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}

I would suggest you go ahead and delete that CLSID. Worst case is you'll have to re-install Adobe Flash for Firefox, but I doubt it.

Uninstall Combofix

  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

The above procedure will:

  • Delete the following: ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


I don't even use firefox, I keep it for rare occasions.

I once wrote a simple RPG in C++, and then later reused it as a "trojan" that replaced my friend's host file and blocked his favorite websites...

Results of screen317's Security Check version 0.99.4

Windows XP Service Pack 3

Internet Explorer 6 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

AVG Free 9.0

Antivirus out of date! (On Access scanning disabled!)

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

HijackThis 2.0.2

Java 6 Update 17

Java 6 Update 5

Out of date Java installed!

Adobe Flash Player 10.0.32.18

Mozilla Firefox (3.5.11) Firefox Out of Date!

Mozilla Thunderbird (2.0.0) Thunderbird Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgnsx.exe

````````````````````````````````

DNS Vulnerability Check:

nslookup.exe missing!

Unknown. This method cannot test your vulnerability to DNS cache poisoning.

``````````End of Log````````````

Looking at AVG, I think the virus deleted my virus definitions entirely? Because under "Virus DB:" it's blank.


Looking at AVG, I think the virus deleted my virus definitions entirely? Because under "Virus DB:" it's blank.

:) You may need to re-install the program if it was damaged. You could also use the opportunity to switch to one of the other free "A's", Avira or Avast, both of which I think are better than AVG.

You can see the rest of the updates you need in red. Here are some instructions on Java if you need.

Updating Java:

  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says JDK 6 Update 21 ( JDK or JRE).
  • Click the "Download JRE" button to the right.
  • Select your Operating System. For you simply select Windows.
  • Check the box that says: "Accept License Agreement".
  • Click the Continue button.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version.

DNS Vulnerability Check:

nslookup.exe missing!

Unknown. This method cannot test your vulnerability to DNS cache poisoning.

Did you knowingly delete that file?

