PC might be infected..
parasiteangel
2011-03-19, 03:56
When I search on Google and click the search results, at first it will go to the website I want and then it will redirect me to another website.
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Atleen at 18:41:36.71 on Fri 03/18/2011
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.744 [GMT -7:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\Atleen\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {AE7CD045-E861-484f-8273-0445EE161910} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [tgcmd] c:\program files\support.com\bin\tgcmd.exe /server /startmonitor /deaf
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [RunNarrator] Narrator.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094927713312
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143345146468
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38173.7355208333
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\atleen\applic~1\mozilla\firefox\profiles\j3uzqc9c.default\
FF - component: c:\program files\mozilla firefox\extensions\{b03c18ba-d7b2-6ac5-0be5-7d014d274183}\components\Kym-ta.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Mignet Assistant Service: {b03c18ba-d7b2-6ac5-0be5-7d014d274183} - c:\program files\mozilla firefox\extensions\{b03c18ba-d7b2-6ac5-0be5-7d014d274183}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org
.
---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-19 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-19 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-19 243024]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-6-4 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-6-1 27576]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CamthWDM.sys [2007-1-10 243584]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-6-1 1803224]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]
R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\common files\sony shared\vaio entertainment\vzcdb\VzFw.exe [2004-6-8 86098]
S3 DCamUSBVeo532;Veo Web Camera;c:\windows\system32\drivers\ubVeo532.sys [2005-4-3 95232]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\common files\sony shared\vaio entertainment\vcsw\vcsw.exe -runbyscm --> c:\program files\common files\sony shared\vaio entertainment\vcsw\VCSW.exe -RunBySCM [?]
.
=============== Created Last 30 ================
.
2011-03-16 11:24:26 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-03-16 11:13:56 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-03-16 11:13:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2011-03-16 04:48:07 -------- d-----w- c:\docume~1\atleen\applic~1\Malwarebytes
2011-03-16 04:47:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-16 04:47:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-16 04:47:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-16 04:47:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-15 01:29:56 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-03-14 04:46:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\DivX
2011-03-13 01:07:48 127190 ----a-w- c:\windows\system32\foEtCk58k.exe
2011-03-13 01:07:47 2064384 ----a-w- c:\program files\mozilla firefox\extensions\{b03c18ba-d7b2-6ac5-0be5-7d014d274183}\components\Kym-ta.dll
2011-03-11 02:53:11 -------- d-----w- C:\83a029cfbab080c80b6da8b7
2011-03-08 11:39:46 -------- d-----w- c:\windows\system32\Adobe
.
==================== Find3M ====================
.
2011-01-12 06:22:12 285480 ----a-w- c:\windows\system32\guard32.dll
.
============= FINISH: 18:43:40.84 ===============
shelf life
2011-03-20, 00:28
hi parasiteangel,
We will get a download to use. It's called combofix. There is a guide to read first. Read through the guide, then apply the directions on your own machine. Post the log in your reply:
Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
parasiteangel
2011-03-20, 01:03
Hi shelf life,
Thank you so much for the quick reply.
I tried running combofix, with AVG and Comodo disabled, but it says that the installation failed.
parasiteangel
2011-03-20, 01:17
I tried to disable Comodo by disabling the Defense+ and firewall, and combofix seemed to run, but it wants me to uninstall AVG.
Please advise.
Thank you so much.
shelf life
2011-03-20, 02:34
Go ahead and uninstall AVG via the Add/Remove Programs panel and restart your computer, then run combofix.
parasiteangel
2011-03-20, 04:07
I am not sure but I have a feeling that the combofix is stuck. In case combofix stopped working in the middle, what do you recommend I do?
thanks
parasiteangel
2011-03-20, 04:56
Unfortunately my desktop froze so I had to restart it.
Combofix was not able to finish and there was no log created.
I'm sorry if this is too much of a problem.
Do I just run it again?
shelf life
2011-03-20, 14:40
Try running combofix in safe mode for now. To reach safe mode you would tap the F8 key during a computer restart. Choose the first option on the list: Safe Mode. Once at the safe mode desktop, run combofix.
parasiteangel
2011-03-20, 21:51
Thank you so much again for helping me.
Here is my combofix result:
ComboFix 11-03-15.02 - Atleen 03/20/2011 11:57:13.5.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1241 [GMT -7:00]
Running from: c:\documents and settings\Atleen\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\mt
c:\windows\system32\mt\029.spr
c:\windows\system32\mt\029s.spr
c:\windows\system32\mt\030.pal
c:\windows\system32\mt\030.sid
c:\windows\system32\mt\030.spr
c:\windows\system32\mt\030.spr2
c:\windows\system32\mt\030s.spr
c:\windows\system32\mt\030s.spr2
c:\windows\system32\mt\031.pal
c:\windows\system32\mt\031.sid
c:\windows\system32\mt\031.spr
c:\windows\system32\mt\031s.spr
c:\windows\system32\mt\032.pal
c:\windows\system32\mt\032.sid
c:\windows\system32\mt\032.spr
c:\windows\system32\mt\032s.spr
c:\windows\system32\mt\033.pal
c:\windows\system32\mt\033.sid
c:\windows\system32\mt\033.spr
c:\windows\system32\mt\033s.spr
c:\windows\system32\mt\034.pal
c:\windows\system32\mt\034.sid
c:\windows\system32\mt\034.spr
c:\windows\system32\mt\034s.spr
c:\windows\system32\mt\035.pal
c:\windows\system32\mt\035.sid
c:\windows\system32\mt\035.spr
c:\windows\system32\mt\035s.spr
c:\windows\system32\mt\036.pal
c:\windows\system32\mt\036.sid
c:\windows\system32\mt\036.spr
c:\windows\system32\mt\036s.spr
c:\windows\system32\mt\037.pal
c:\windows\system32\mt\037.sid
c:\windows\system32\mt\037.spr
c:\windows\system32\mt\037s.spr
c:\windows\system32\mt\038.pal
c:\windows\system32\mt\038.sid
c:\windows\system32\mt\038.spr
c:\windows\system32\mt\038s.spr
c:\windows\system32\mt\039.pal
c:\windows\system32\mt\039.sid
c:\windows\system32\mt\039.spr
c:\windows\system32\mt\039s.spr
c:\windows\system32\mt\040-.pal
c:\windows\system32\mt\040-.sid
c:\windows\system32\mt\040-.spr
c:\windows\system32\mt\040-s.spr
c:\windows\system32\mt\040.pal
c:\windows\system32\mt\040.sid
c:\windows\system32\mt\040.spr
c:\windows\system32\mt\040s.spr
c:\windows\system32\mt\041.pal
c:\windows\system32\mt\041.sid
c:\windows\system32\mt\041.spr
c:\windows\system32\mt\041s.spr
c:\windows\system32\mt\042.pal
c:\windows\system32\mt\042.sid
c:\windows\system32\mt\042.spr
c:\windows\system32\mt\042s.spr
c:\windows\system32\mt\043.pal
c:\windows\system32\mt\043.sid
c:\windows\system32\mt\043.spr
c:\windows\system32\mt\043s.spr
c:\windows\system32\mt\044.pal
c:\windows\system32\mt\044.sid
c:\windows\system32\mt\044.spr
c:\windows\system32\mt\044s.spr
c:\windows\system32\mt\045.pal
c:\windows\system32\mt\045.sid
c:\windows\system32\mt\045.spr
c:\windows\system32\mt\045s.spr
c:\windows\system32\mt\10a.pal
c:\windows\system32\mt\10a.sid
c:\windows\system32\mt\10a.spr
c:\windows\system32\mt\10as.spr
c:\windows\system32\mt\10b.pal
c:\windows\system32\mt\10b.sid
c:\windows\system32\mt\10b.spr
c:\windows\system32\mt\10bs.spr
c:\windows\system32\mt\10c.pal
c:\windows\system32\mt\10c.sid
c:\windows\system32\mt\10c.spr
c:\windows\system32\mt\10cs.spr
c:\windows\system32\mt\1152.pal
c:\windows\system32\mt\1152.sid
c:\windows\system32\mt\1152.spr
c:\windows\system32\mt\1152s.spr
c:\windows\system32\mt\151.pal
c:\windows\system32\mt\151.sid
c:\windows\system32\mt\151.spr
c:\windows\system32\mt\151s.spr
c:\windows\system32\mt\153.pal
c:\windows\system32\mt\153.sid
c:\windows\system32\mt\153.spr
c:\windows\system32\mt\153s.spr
c:\windows\system32\mt\30a.pal
c:\windows\system32\mt\30a.sid
c:\windows\system32\mt\30a.spr
c:\windows\system32\mt\30as.spr
c:\windows\system32\mt\30b.pal
c:\windows\system32\mt\30b.sid
c:\windows\system32\mt\30b.spr
c:\windows\system32\mt\30bs.spr
c:\windows\system32\mt\30c.pal
c:\windows\system32\mt\30c.sid
c:\windows\system32\mt\30c.spr
c:\windows\system32\mt\30cs.spr
c:\windows\system32\mt\30d.pal
c:\windows\system32\mt\30d.sid
c:\windows\system32\mt\30d.spr
c:\windows\system32\mt\30ds.spr
c:\windows\system32\mt\30e.pal
c:\windows\system32\mt\30e.sid
c:\windows\system32\mt\30e.spr
c:\windows\system32\mt\30es.spr
c:\windows\system32\mt\30f.pal
c:\windows\system32\mt\30f.sid
c:\windows\system32\mt\30f.spr
c:\windows\system32\mt\30fs.spr
c:\windows\system32\mt\30g.pal
c:\windows\system32\mt\30g.sid
c:\windows\system32\mt\30g.spr
c:\windows\system32\mt\30gs.spr
c:\windows\system32\mt\40a.pal
c:\windows\system32\mt\40a.sid
c:\windows\system32\mt\40a.spr
c:\windows\system32\mt\40as.spr
c:\windows\system32\mt\40b.pal
c:\windows\system32\mt\40b.sid
c:\windows\system32\mt\40b.spr
c:\windows\system32\mt\40bs.spr
c:\windows\system32\mt\40c.pal
c:\windows\system32\mt\40c.sid
c:\windows\system32\mt\40c.spr
c:\windows\system32\mt\40cs.spr
c:\windows\system32\mt\40d.pal
c:\windows\system32\mt\40d.sid
c:\windows\system32\mt\40d.spr
c:\windows\system32\mt\40ds.spr
c:\windows\system32\mt\40e.pal
c:\windows\system32\mt\40e.sid
c:\windows\system32\mt\40e.spr
c:\windows\system32\mt\40es.spr
c:\windows\system32\mt\40f.pal
c:\windows\system32\mt\40f.sid
c:\windows\system32\mt\40f.spr
c:\windows\system32\mt\40fs.spr
c:\windows\system32\mt\50a.pal
c:\windows\system32\mt\50a.sid
c:\windows\system32\mt\50a.spr
c:\windows\system32\mt\50as.spr
c:\windows\system32\mt\50b.pal
c:\windows\system32\mt\50b.sid
c:\windows\system32\mt\50b.spr
c:\windows\system32\mt\50bs.spr
c:\windows\system32\mt\50c.pal
c:\windows\system32\mt\50c.sid
c:\windows\system32\mt\50c.spr
c:\windows\system32\mt\50cs.spr
c:\windows\system32\mt\50d.pal
c:\windows\system32\mt\50d.sid
c:\windows\system32\mt\50d.spr
c:\windows\system32\mt\50ds.spr
c:\windows\system32\mt\50e.pal
c:\windows\system32\mt\50e.sid
c:\windows\system32\mt\50e.spr
c:\windows\system32\mt\50es.spr
c:\windows\system32\mt\60b.pal
c:\windows\system32\mt\60b.sid
c:\windows\system32\mt\60b.spr
c:\windows\system32\mt\60bs.spr
c:\windows\system32\mt\70a.pal
c:\windows\system32\mt\70a.sid
c:\windows\system32\mt\70a.spr
c:\windows\system32\mt\70as.spr
c:\windows\system32\mt\bow.pal
c:\windows\system32\mt\bow.sid
c:\windows\system32\mt\bow.spr
c:\windows\system32\mt\bows.spr
c:\windows\system32\mt\droptree1.pal
c:\windows\system32\mt\droptree1.spr
c:\windows\system32\mt\droptree1s.pal
c:\windows\system32\mt\droptree1s.spr
c:\windows\system32\mt\droptree2.pal
c:\windows\system32\mt\droptree2.spr
c:\windows\system32\mt\droptree2s.pal
c:\windows\system32\mt\droptree2s.spr
c:\windows\system32\mt\h40a.pal
c:\windows\system32\mt\h40a.sid
c:\windows\system32\mt\h40a.spr
c:\windows\system32\mt\h40as.spr
c:\windows\system32\mt\m001.pal
c:\windows\system32\mt\m001.sid
c:\windows\system32\mt\m001.spr
c:\windows\system32\mt\m001s.spr
c:\windows\system32\mt\m002.pal
c:\windows\system32\mt\m002.sid
c:\windows\system32\mt\m002.spr
c:\windows\system32\mt\m002s.spr
c:\windows\system32\mt\m003.pal
c:\windows\system32\mt\m003.sid
c:\windows\system32\mt\m003.spr
c:\windows\system32\mt\m003s.spr
c:\windows\system32\mt\m004.pal
c:\windows\system32\mt\m004.sid
c:\windows\system32\mt\m004.spr
c:\windows\system32\mt\m004s.spr
c:\windows\system32\mt\m005.pal
c:\windows\system32\mt\m005.sid
c:\windows\system32\mt\m005.spr
c:\windows\system32\mt\m005s.spr
c:\windows\system32\mt\m006.pal
c:\windows\system32\mt\m006.sid
c:\windows\system32\mt\m006.spr
c:\windows\system32\mt\m006s.spr
c:\windows\system32\mt\m007.pal
c:\windows\system32\mt\m007.sid
c:\windows\system32\mt\m007.spr
c:\windows\system32\mt\m007s.spr
c:\windows\system32\mt\m008.pal
c:\windows\system32\mt\m008.sid
c:\windows\system32\mt\m008.spr
c:\windows\system32\mt\m008s.spr
c:\windows\system32\mt\m009.pal
c:\windows\system32\mt\m009.sid
c:\windows\system32\mt\m009.spr
c:\windows\system32\mt\m009s.spr
c:\windows\system32\mt\m010.pal
c:\windows\system32\mt\m010.sid
c:\windows\system32\mt\m010.spr
c:\windows\system32\mt\m010s.spr
c:\windows\system32\mt\m011.pal
c:\windows\system32\mt\m011.sid
c:\windows\system32\mt\m011.spr
c:\windows\system32\mt\m011s.spr
c:\windows\system32\mt\m012.pal
c:\windows\system32\mt\m012.sid
c:\windows\system32\mt\m012.spr
c:\windows\system32\mt\m012s.spr
c:\windows\system32\mt\m013.pal
c:\windows\system32\mt\m013.sid
c:\windows\system32\mt\m013.spr
c:\windows\system32\mt\m013s.spr
c:\windows\system32\mt\m014.pal
c:\windows\system32\mt\m014.sid
c:\windows\system32\mt\m014.spr
c:\windows\system32\mt\m014s.spr
c:\windows\system32\mt\s001.pal
c:\windows\system32\mt\s001.sid
c:\windows\system32\mt\s001.spr
c:\windows\system32\mt\s001h.pal
c:\windows\system32\mt\s001h.sid
c:\windows\system32\mt\s001h.spr
c:\windows\system32\mt\s001hs.spr
c:\windows\system32\mt\s001s.spr
c:\windows\system32\mt\s002.pal
c:\windows\system32\mt\s002.sid
c:\windows\system32\mt\s002.spr
c:\windows\system32\mt\s002s.spr
c:\windows\system32\mt\s003.pal
c:\windows\system32\mt\s003.sid
c:\windows\system32\mt\s003.spr
c:\windows\system32\mt\s003s.spr
c:\windows\system32\mt\s004.pal
c:\windows\system32\mt\s004.sid
c:\windows\system32\mt\s004.spr
c:\windows\system32\mt\s004s.spr
c:\windows\system32\mt\s005.pal
c:\windows\system32\mt\s005.sid
c:\windows\system32\mt\s005.spr
c:\windows\system32\mt\s005s.spr
c:\windows\system32\mt\s006.pal
c:\windows\system32\mt\s006.sid
c:\windows\system32\mt\s006.spr
c:\windows\system32\mt\s006s.spr
c:\windows\system32\mt\s007.pal
c:\windows\system32\mt\s007.sid
c:\windows\system32\mt\s007.spr
c:\windows\system32\mt\s007s.spr
c:\windows\system32\mt\s010.pal
c:\windows\system32\mt\s010.sid
c:\windows\system32\mt\s010.spr
c:\windows\system32\mt\s010_1.pal
c:\windows\system32\mt\s010_1.sid
c:\windows\system32\mt\s010_1.spr
c:\windows\system32\mt\s010s.spr
c:\windows\system32\mt\s011.pal
c:\windows\system32\mt\s011.sid
c:\windows\system32\mt\s011.spr
c:\windows\system32\mt\s011s.spr
c:\windows\system32\mt\sh001.pal
c:\windows\system32\mt\sh001.sid
c:\windows\system32\mt\sh001.spr
c:\windows\system32\mt\sh001s.spr
c:\windows\system32\mt\sm000.pal
c:\windows\system32\mt\sm000.sid
c:\windows\system32\mt\sm000.spr
c:\windows\system32\mt\sm000s.spr
c:\windows\system32\mt\sm001.pal
c:\windows\system32\mt\sm001.sid
c:\windows\system32\mt\sm001.spr
c:\windows\system32\mt\sm001s.spr
c:\windows\system32\mt\sm003.pal
c:\windows\system32\mt\sm003.sid
c:\windows\system32\mt\sm003.spr
c:\windows\system32\mt\sm003s.spr
c:\windows\system32\mt\sm032.pal
c:\windows\system32\mt\sm042.pal
c:\windows\system32\mt\ssan.pal
c:\windows\system32\mt\ssan.sid
c:\windows\system32\mt\ssan.spr
c:\windows\system32\mt\ssans.spr
c:\windows\tempf.txt
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_USNJSVC
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-02-20 to 2011-03-20 )))))))))))))))))))))))))))))))
.
.
2011-03-20 01:05 . 2011-03-20 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-03-19 01:38 . 2011-03-19 01:39 -------- d-----w- c:\program files\ERUNT
2011-03-16 11:24 . 2011-03-16 11:24 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-03-16 11:13 . 2011-03-16 11:13 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-03-16 11:13 . 2011-03-16 11:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-03-16 04:48 . 2011-03-16 04:48 -------- d-----w- c:\documents and settings\Atleen\Application Data\Malwarebytes
2011-03-16 04:47 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-16 04:47 . 2011-03-16 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-16 04:47 . 2011-03-16 04:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-16 04:47 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-15 01:29 . 2011-03-15 01:29 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-03-14 04:50 . 2011-03-14 04:51 -------- d-----w- c:\documents and settings\Atleen\Application Data\DivX
2011-03-14 04:46 . 2011-03-17 05:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2011-03-11 02:53 . 2011-03-11 02:53 -------- d-----w- C:\83a029cfbab080c80b6da8b7
2011-03-08 11:39 . 2011-03-08 11:40 -------- d-----w- c:\windows\system32\Adobe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-12 06:22 . 2010-06-02 02:00 285480 ----a-w- c:\windows\system32\guard32.dll
2011-01-12 06:22 . 2010-06-02 02:00 94784 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-12 06:22 . 2010-06-02 02:00 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-12 06:22 . 2010-06-04 18:55 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-12 06:22 . 2010-06-02 02:00 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 88361]
"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2007-03-07 1773568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-20 2548552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Atleen^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Atleen\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Atleen^Start Menu^Programs^Startup^ViiKiiDesktopPlugin.lnk]
path=c:\documents and settings\Atleen\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk
backup=c:\windows\pss\ViiKiiDesktopPlugin.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-07-22 20:38 88361 ----a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
2003-09-29 06:22 36352 ----a-w- c:\program files\Camfrog\Camfrog Video Chat\CamfrogNET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
2004-03-06 00:32 53248 ----a-w- c:\windows\SONYSYS\VAIO Recovery\Reminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2004-08-04 07:56 50176 ----a-w- c:\windows\eHome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
2002-08-20 18:29 40960 ----a-w- c:\windows\system32\ezSP_Px.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2005-01-12 21:54 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-14 01:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 20:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2006-06-26 18:33 243248 ----a-w- c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 17:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-01-19 19:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-05-25 00:21 4841472 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sHotKey]
2003-08-22 17:22 45056 ----a-w- c:\program files\Sony\sHotKey\SHOTKEY.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 05:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2004-01-17 11:36 135168 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2003-11-03 19:55 1052672 ----a-w- c:\program files\Sony\VAIO Survey\SurveySA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-11-20 18:57 2590456 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZZZ]
2004-03-24 17:40 147456 ----a-w- c:\windows\SONYSYS\Eflyer\EFlyer_Popup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
"YahooAUService"=2 (0x2)
"SonicStageMonitoring"=2 (0x2)
"aawservice"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\PLDTPlay\\ServerScout\\ServerScout.exe"=
"c:\\Program Files\\Sony\\click to dvd 2\\CtoDvd.exe"=
"c:\\Program Files\\Sony\\vaio media 3.0\\Vc.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Sierra\\Counter-Strike\\svchost.exe"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [6/4/2010 11:55 AM 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/1/2010 7:00 PM 27576]
R2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CamthWDM.sys [1/10/2007 10:39 PM 243584]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 11:28 AM 204800]
R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [6/8/2004 2:54 PM 86098]
S3 DCamUSBVeo532;Veo Web Camera;c:\windows\system32\drivers\ubVeo532.sys [4/3/2005 6:08 PM 95232]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM --> c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM [?]
.
Contents of the 'Scheduled Tasks' folder
.
2004-07-11 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-04-01 07:56]
.
2004-07-16 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-04-01 07:56]
.
2004-07-26 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-04-01 07:56]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Atleen\Application Data\Mozilla\Firefox\Profiles\j3uzqc9c.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org
.
- - - - ORPHANS REMOVED - - - -
.
Notify-avgrsstarter - avgrsstx.dll
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-20 12:15
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3710816040-3839843654-1662050968-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(2392)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\ehome\ehRec.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\HPZipm12.exe
c:\windows\system32\java.exe
c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-03-20 12:24:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-20 19:23
ComboFix2.txt 2010-06-12 04:32
.
Pre-Run: 96,088,223,744 bytes free
Post-Run: 94,411,616,256 bytes free
.
- - End Of File - - 557109B5D597B583E6D646DB0C822D2E
shelf life
2011-03-20, 22:52
No problem, you're welcome. Try running ComboFix now in "normal" mode. Also check Malwarebytes for updates and scan with it to see if it digs up anything after you try ComboFix first.
parasiteangel
2011-03-21, 02:16
I tried running combofix but it got stuck on the preparing log report part.
shelf life
2011-03-21, 03:05
Take a look here: C:\ComboFix.txt just to check if the log is there.
We will also get two more downloads to use.
1)
Please download TDSSKiller.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your desktop.
Double-click to launch the utility (Vista/W7: right-click and "run as admin"). After it initializes, click the Start scan button.
Once the scan completes you can click the Continue button.
"The utility will automatically select an action (Cure or Delete) for known malicious objects. A suspicious object will be skipped by default."
"After clicking Next, the utility applies selected actions and outputs the result."
"A reboot might be required after disinfection."
A report will be found in your root drive, Local Disk (C:), as TDSSKiller.2.4.12.0_02.01.2011_17.32.21_log.txt (name, version, date, time, log.txt).
Please post the log report.
2)
Please also download MBRCheck to your desktop:
http://ad13.geekstogo.com/MBRCheck.exe
* Double-click MBRCheck.exe to run (Vista and Win 7: right-click and select Run as Administrator).
* It will show a black screen with some information that will contain either the line below if no problem is found:
o Done! Press ENTER to exit...
* Or you will see more information like the lines below if a problem is found:
o Found non-standard or infected MBR.
o Enter 'Y' and hit ENTER for more options, or 'N' to exit:
* Either way, just choose to exit the program at this point, since we want to see only the scan results to begin with.
* MBRCheck will create a log on your desktop named similar to MBRCheck_03.20.11_18.14.txt, which is based on date and time.
* Copy/paste the log in your reply.
parasiteangel
2011-03-21, 03:12
I don't have the C:\ComboFix.txt, but I have a ComboFix folder. Inside the folder there is a ComboFix.txt, but it just has these 4 lines:
ComboFix 11-03-19.04 - Atleen 03/20/2011 16:47:14.12.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1017 [GMT -7:00]
Running from: C:\Documents and Settings\Atleen\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
Do you still want me to run Malwarebytes, or just proceed to TDSS and MBRCheck?
shelf life
2011-03-21, 03:34
Go ahead with TDSSKiller and MBRCheck. I won't be back online for 18 or so hours. You also may as well re-install and update AVG Free (http://free.avg.com/us-en/get-basic-protection).
parasiteangel
2011-03-21, 03:44
TDSS Killer Result:
2011/03/20 18:36:57.0125 2084 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/20 18:36:57.0156 2084 ================================================================================
2011/03/20 18:36:57.0156 2084 SystemInfo:
2011/03/20 18:36:57.0156 2084
2011/03/20 18:36:57.0156 2084 OS Version: 5.1.2600 ServicePack: 2.0
2011/03/20 18:36:57.0156 2084 Product type: Workstation
2011/03/20 18:36:57.0156 2084 ComputerName: VALUED-E91AB895
2011/03/20 18:36:57.0156 2084 UserName: Atleen
2011/03/20 18:36:57.0156 2084 Windows directory: C:\WINDOWS
2011/03/20 18:36:57.0156 2084 System windows directory: C:\WINDOWS
2011/03/20 18:36:57.0156 2084 Processor architecture: Intel x86
2011/03/20 18:36:57.0156 2084 Number of processors: 2
2011/03/20 18:36:57.0156 2084 Page size: 0x1000
2011/03/20 18:36:57.0156 2084 Boot type: Normal boot
2011/03/20 18:36:57.0156 2084 ================================================================================
2011/03/20 18:36:57.0406 2084 Initialize success
2011/03/20 18:37:02.0890 2144 ================================================================================
2011/03/20 18:37:02.0890 2144 Scan started
2011/03/20 18:37:02.0890 2144 Mode: Manual;
2011/03/20 18:37:02.0890 2144 ================================================================================
2011/03/20 18:37:03.0359 2144 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/20 18:37:03.0421 2144 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/20 18:37:03.0500 2144 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/03/20 18:37:03.0593 2144 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/03/20 18:37:03.0656 2144 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/03/20 18:37:03.0703 2144 AFS2K (c685cc27a2e637f0dcb5a45e67cc6f74) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/03/20 18:37:03.0796 2144 AgereSoftModem (b894a08f2a01e27c1989c31c96fdde83) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/03/20 18:37:03.0921 2144 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/03/20 18:37:04.0156 2144 AN983 (116bff96077a4a724e0aab800525ceb5) C:\WINDOWS\system32\DRIVERS\AN983.sys
2011/03/20 18:37:04.0218 2144 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/03/20 18:37:04.0375 2144 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/20 18:37:04.0406 2144 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/20 18:37:04.0453 2144 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/20 18:37:04.0562 2144 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/20 18:37:04.0609 2144 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
2011/03/20 18:37:04.0656 2144 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/20 18:37:04.0734 2144 CamthWDM (0a679709f97d085b8efd40d3a116a59f) C:\WINDOWS\system32\DRIVERS\CamthWDM.sys
2011/03/20 18:37:04.0921 2144 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/20 18:37:04.0968 2144 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/03/20 18:37:05.0062 2144 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/20 18:37:05.0109 2144 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/20 18:37:05.0203 2144 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/20 18:37:05.0296 2144 cmdGuard (dd530ee7d9efbb0ec42aebe7226b8a93) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
2011/03/20 18:37:05.0312 2144 cmdHlp (07cbbe993ed08a52dafac1e6cf27b6a5) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
2011/03/20 18:37:05.0500 2144 DCamUSBVeo532 (e3834cdc0ea44bdda7c54861a4c92d32) C:\WINDOWS\system32\Drivers\ubVeo532.sys
2011/03/20 18:37:05.0546 2144 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/20 18:37:05.0671 2144 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/20 18:37:05.0765 2144 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
2011/03/20 18:37:05.0796 2144 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/20 18:37:05.0828 2144 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/20 18:37:05.0937 2144 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/20 18:37:06.0000 2144 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/20 18:37:06.0062 2144 E100B (afee15c5b16317ebf17f79cc1843465a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/03/20 18:37:06.0203 2144 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/20 18:37:06.0265 2144 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/03/20 18:37:06.0328 2144 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/20 18:37:06.0359 2144 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/03/20 18:37:06.0453 2144 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/20 18:37:06.0500 2144 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/20 18:37:06.0578 2144 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/20 18:37:06.0625 2144 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/03/20 18:37:06.0703 2144 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/20 18:37:06.0765 2144 HidIr (442915553e99782fa5713b04c3eeb94a) C:\WINDOWS\system32\DRIVERS\hidir.sys
2011/03/20 18:37:06.0843 2144 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/20 18:37:06.0906 2144 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/03/20 18:37:06.0937 2144 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/03/20 18:37:07.0031 2144 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/03/20 18:37:07.0078 2144 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/20 18:37:07.0187 2144 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/20 18:37:07.0250 2144 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/20 18:37:07.0375 2144 Inspect (8154a2c13b72b08db11157673c60c3eb) C:\WINDOWS\system32\DRIVERS\inspect.sys
2011/03/20 18:37:07.0453 2144 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/20 18:37:07.0484 2144 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/20 18:37:07.0546 2144 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/20 18:37:07.0640 2144 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/20 18:37:07.0703 2144 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/20 18:37:07.0750 2144 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/20 18:37:07.0796 2144 IrBus (9d0f94e4feb6dcddaef975def0a32949) C:\WINDOWS\system32\DRIVERS\IrBus.sys
2011/03/20 18:37:07.0843 2144 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/20 18:37:07.0937 2144 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/20 18:37:07.0984 2144 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/20 18:37:08.0031 2144 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/03/20 18:37:08.0078 2144 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/20 18:37:08.0125 2144 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/20 18:37:08.0328 2144 LVcKap (8113133ec42dd6c566908008ce913edd) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
2011/03/20 18:37:08.0468 2144 LVMVDrv (0dd5b8af4917a2821047450195c511b3) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
2011/03/20 18:37:08.0578 2144 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
2011/03/20 18:37:08.0640 2144 LVRS (87ecce893d8aec5a9337b917742d339c) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2011/03/20 18:37:08.0687 2144 LVUSBSta (5f987fc1aad215ec2c60cf07719b1cce) C:\WINDOWS\system32\drivers\LVUSBSta.sys
2011/03/20 18:37:08.0765 2144 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/20 18:37:08.0859 2144 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/20 18:37:08.0875 2144 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/20 18:37:08.0937 2144 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/20 18:37:08.0968 2144 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/20 18:37:09.0031 2144 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/20 18:37:09.0140 2144 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/20 18:37:09.0203 2144 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/20 18:37:09.0265 2144 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/20 18:37:09.0296 2144 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/20 18:37:09.0343 2144 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/20 18:37:09.0406 2144 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/20 18:37:09.0437 2144 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/03/20 18:37:09.0484 2144 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/20 18:37:09.0578 2144 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/03/20 18:37:09.0609 2144 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/20 18:37:09.0656 2144 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/03/20 18:37:09.0718 2144 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/20 18:37:09.0750 2144 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/20 18:37:09.0843 2144 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/20 18:37:09.0875 2144 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/20 18:37:09.0921 2144 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/20 18:37:09.0953 2144 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/20 18:37:10.0015 2144 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/03/20 18:37:10.0093 2144 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/20 18:37:10.0125 2144 NPPTNT (074e989e9ea12230a9a44df435d30a39) C:\WINDOWS\system32\npptNT.sys
2011/03/20 18:37:10.0328 2144 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/20 18:37:10.0453 2144 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/20 18:37:10.0562 2144 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/03/20 18:37:10.0656 2144 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/20 18:37:10.0734 2144 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/20 18:37:10.0781 2144 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/03/20 18:37:10.0812 2144 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/03/20 18:37:10.0843 2144 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/20 18:37:10.0890 2144 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/20 18:37:10.0906 2144 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/20 18:37:10.0968 2144 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/20 18:37:11.0031 2144 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/20 18:37:11.0265 2144 pepifilter (b20f958b207e6aaac5f70d04dd2c30d8) C:\WINDOWS\system32\DRIVERS\lv302af.sys
2011/03/20 18:37:11.0484 2144 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
2011/03/20 18:37:11.0609 2144 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/20 18:37:11.0656 2144 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/03/20 18:37:11.0718 2144 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/20 18:37:11.0781 2144 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/20 18:37:11.0890 2144 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/03/20 18:37:12.0046 2144 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/20 18:37:12.0078 2144 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/20 18:37:12.0109 2144 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/20 18:37:12.0156 2144 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/20 18:37:12.0250 2144 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/20 18:37:12.0312 2144 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/20 18:37:12.0343 2144 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/03/20 18:37:12.0406 2144 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/20 18:37:12.0453 2144 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/20 18:37:12.0640 2144 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/20 18:37:12.0703 2144 Serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/03/20 18:37:12.0750 2144 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/03/20 18:37:12.0796 2144 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/20 18:37:12.0890 2144 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/03/20 18:37:12.0984 2144 smrt (520a8d79fb1a53803b269ccfc1a1c388) C:\WINDOWS\system32\DRIVERS\smrt.sys
2011/03/20 18:37:13.0093 2144 smwdm (13739b36bd8d94d0fed7662aa7a4235d) C:\WINDOWS\system32\drivers\smwdm.sys
2011/03/20 18:37:13.0187 2144 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/03/20 18:37:13.0265 2144 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/20 18:37:13.0359 2144 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/20 18:37:13.0406 2144 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/20 18:37:13.0453 2144 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/03/20 18:37:13.0500 2144 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/20 18:37:13.0562 2144 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/20 18:37:13.0765 2144 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/20 18:37:13.0828 2144 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/20 18:37:13.0875 2144 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/20 18:37:13.0953 2144 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/20 18:37:14.0000 2144 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/20 18:37:14.0109 2144 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/20 18:37:14.0203 2144 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/20 18:37:14.0328 2144 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/03/20 18:37:14.0375 2144 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/03/20 18:37:14.0406 2144 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/20 18:37:14.0453 2144 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/20 18:37:14.0484 2144 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/20 18:37:14.0515 2144 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/20 18:37:14.0593 2144 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/20 18:37:14.0625 2144 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/20 18:37:14.0656 2144 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/20 18:37:14.0781 2144 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/03/20 18:37:14.0843 2144 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/20 18:37:14.0953 2144 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/20 18:37:14.0984 2144 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/03/20 18:37:15.0078 2144 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/20 18:37:15.0203 2144 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/03/20 18:37:15.0500 2144 ================================================================================
2011/03/20 18:37:15.0500 2144 Scan finished
2011/03/20 18:37:15.0500 2144 ================================================================================
2011/03/20 18:39:05.0843 0960 Deinitialize success
MBRCheck Result
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x000003dd
Kernel Drivers (total 139):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FD000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF7607000 ohci1394.sys
0xF7617000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF7627000 MountMgr.sys
0xF74D8000 ftdisk.sys
0xF798B000 dmload.sys
0xF74B2000 dmio.sys
0xF770F000 PartMgr.sys
0xF7637000 VolSnap.sys
0xF749A000 atapi.sys
0xF7647000 disk.sys
0xF7657000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF747A000 fltmgr.sys
0xF7468000 sr.sys
0xF7667000 PxHelp20.sys
0xF7870000 KSecDD.sys
0xF7B52000 Ntfs.sys
0xF785A000 inspect.sys
0xF782D000 \WINDOWS\System32\DRIVERS\NDIS.SYS
0xF7717000 \WINDOWS\System32\DRIVERS\TDI.SYS
0xF796C000 Mup.sys
0xF7677000 agp440.sys
0xF76A7000 \SystemRoot\System32\DRIVERS\nic1394.sys
0xF7458000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xB9B7E000 \SystemRoot\System32\DRIVERS\nv4_mini.sys
0xB9B6A000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF7797000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xB9B47000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF779F000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xB9B23000 \SystemRoot\System32\DRIVERS\e100b325.sys
0xB9A66000 \SystemRoot\System32\DRIVERS\smrt.sys
0xF7438000 \SystemRoot\System32\DRIVERS\STREAM.SYS
0xB9A43000 \SystemRoot\System32\DRIVERS\ks.sys
0xF7428000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF77A7000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF77AF000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF77B7000 \SystemRoot\System32\DRIVERS\fdc.sys
0xB9A2F000 \SystemRoot\System32\DRIVERS\parport.sys
0xF7418000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF7408000 \SystemRoot\System32\Drivers\AFS2K.SYS
0xF7887000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF76B7000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF77BF000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xB999D000 \SystemRoot\system32\drivers\smwdm.sys
0xB9979000 \SystemRoot\system32\drivers\portcls.sys
0xBA715000 \SystemRoot\system32\drivers\drmk.sys
0xF79D7000 \SystemRoot\system32\drivers\aeaudio.sys
0xB9843000 \SystemRoot\System32\DRIVERS\AGRSM.sys
0xF77C7000 \SystemRoot\System32\Drivers\Modem.SYS
0xB9807000 \SystemRoot\system32\DRIVERS\CamthWDM.sys
0xF7ABD000 \SystemRoot\System32\DRIVERS\audstub.sys
0xBA6A5000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xBA78E000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB8BF0000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xBA695000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xBA278000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xB8BDF000 \SystemRoot\System32\DRIVERS\psched.sys
0xBA268000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF77DF000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF77E7000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF77EF000 \SystemRoot\System32\DRIVERS\wanatw4.sys
0xB7EE4000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xBA248000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF79F7000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB7E8B000 \SystemRoot\System32\DRIVERS\update.sys
0xB9DF0000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xBA228000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA218000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF79FF000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF77F7000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xB2DB9000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0xB9DD8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB9D4F000 \SystemRoot\System32\Drivers\Null.SYS
0xB9DD6000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7807000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0xF780F000 \SystemRoot\System32\drivers\vga.sys
0xB9DD4000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB9DD2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7817000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF781F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA7FC000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xB2D86000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xB2D2E000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF773F000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0xB2D0D000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xB2CE5000 \SystemRoot\System32\DRIVERS\netbt.sys
0xBA208000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xB2C9B000 \SystemRoot\System32\drivers\afd.sys
0xBA1F8000 \SystemRoot\System32\DRIVERS\netbios.sys
0xBA1E8000 \SystemRoot\System32\DRIVERS\arp1394.sys
0xB2C70000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xBA077000 \??\C:\WINDOWS\system32\npptNT.sys
0xB2C01000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xB9EA7000 \SystemRoot\System32\Drivers\Fips.SYS
0xF7A72000 \SystemRoot\System32\DRIVERS\DMICall.sys
0xF7A73000 \SystemRoot\System32\Drivers\BANTExt.sys
0xB9E87000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBA067000 \SystemRoot\System32\DRIVERS\usbccgp.sys
0xBA057000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
0xBA7C8000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xB9E77000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xB29F7000 \SystemRoot\system32\DRIVERS\LVMVDrv.sys
0xB9E67000 \SystemRoot\system32\drivers\LVUSBSta.sys
0xB2768000 \SystemRoot\system32\DRIVERS\LV302V32.SYS
0xB9DCC000 \SystemRoot\system32\DRIVERS\lv302af.sys
0xB9E57000 \SystemRoot\system32\drivers\usbaudio.sys
0xB2728000 \SystemRoot\system32\DRIVERS\lvrs.sys
0xBA7C4000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xB2710000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB9DCA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA782000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA047000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7AD000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB1454000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xB09DD000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB09B1000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF79E3000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB086A000 \SystemRoot\System32\DRIVERS\srv.sys
0xF79AB000 \SystemRoot\system32\drivers\MSPQM.sys
0xB26E0000 \SystemRoot\System32\DRIVERS\CCDECODE.sys
0xAF262000 \SystemRoot\system32\drivers\wdmaud.sys
0xB0565000 \SystemRoot\system32\drivers\sysaudio.sys
0xF775F000 \SystemRoot\system32\Drivers\LVPr2Mon.sys
0xAEC5A000 \SystemRoot\System32\Drivers\HTTP.sys
0xAD56A000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 39):
0 System Idle Process
4 System
656 C:\WINDOWS\system32\smss.exe
720 csrss.exe
744 C:\WINDOWS\system32\winlogon.exe
788 C:\WINDOWS\system32\services.exe
800 C:\WINDOWS\system32\lsass.exe
952 C:\WINDOWS\system32\svchost.exe
1012 svchost.exe
1052 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1080 C:\WINDOWS\system32\svchost.exe
1188 svchost.exe
1276 svchost.exe
1368 C:\WINDOWS\system32\spoolsv.exe
1412 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
1540 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1560 C:\Program Files\Bonjour\mDNSResponder.exe
1584 C:\WINDOWS\eHome\ehsched.exe
1632 C:\Program Files\Java\jre6\bin\jqs.exe
1680 C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
1692 ehrec.exe
1716 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
1828 C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
1836 C:\WINDOWS\system32\java.exe
1916 C:\WINDOWS\system32\svchost.exe
284 wdfmgr.exe
380 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
2068 C:\WINDOWS\explorer.exe
2272 C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
2428 C:\WINDOWS\system32\wscntfy.exe
2440 alg.exe
2936 C:\WINDOWS\system32\ezSP_Px.exe
2948 C:\WINDOWS\AGRSMMSG.exe
2996 C:\Program Files\iTunes\iTunesHelper.exe
3016 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3120 C:\Program Files\iPod\bin\iPodService.exe
3484 C:\WINDOWS\system32\wuauclt.exe
2472 C:\WINDOWS\system32\svchost.exe
2888 C:\Documents and Settings\Atleen\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`805e2000 (NTFS)
PhysicalDrive0 Model Number: HDS722525VLAT80, Rev: V36OA61A
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E
Done!
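The two logs above (TDSSKiller driver lines and the MBRCheck kernel-driver list with its MBR status line) can be triaged mechanically before a helper reads them by hand. The script below is an added example; it is not part of this thread and not code from TDSSKiller or MBRCheck. It parses both plain-text formats and reports three things worth a second look: a driver whose image path is outside the usual Windows driver directories, one module name seen with two different MD5s (useful when lines from a before/after pair of runs are fed together), and a disk whose MBR status MBRCheck did not recognise. The sample input is a handful of lines copied from the logs above plus two synthetic "exampledrv" lines (hypothetical name and hashes, constructed here so the hash check fires); the assumption about how MBRCheck words its status line is marked in the code. A finding means "look this up", not "malicious".

```python
"""Triage helper for TDSSKiller and MBRCheck text logs (added example)."""
import re
from collections import defaultdict

# TDSSKiller driver line:
#   2011/03/20 18:37:14.0203 2144 Update (md5) C:\WINDOWS\system32\DRIVERS\update.sys
TDSS_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$"
)
# MBRCheck kernel-driver line:  0xF7987000 \WINDOWS\system32\KDCOM.DLL
MBRCHECK_DRV_RE = re.compile(r"^0x(?P<base>[0-9A-Fa-f]{8})\s+(?P<path>\S.*)$")
# MBRCheck status line:  232 GB \\.\PhysicalDrive0 Windows 98 MBR code detected
MBR_STATUS_RE = re.compile(
    r"^\d+\s+[KMGT]B\s+\\\\\.\\PhysicalDrive(?P<disk>\d+)\s+(?P<status>.+)$"
)

# Where a Windows XP kernel driver normally lives: <root>\system32 or
# <root>\system32\drivers, with <root> written as \SystemRoot, \WINDOWS or
# C:\WINDOWS depending on which tool printed the line.
EXPECTED_DIR_RE = re.compile(
    r"^(?:\\SystemRoot|\\WINDOWS|[A-Za-z]:\\WINDOWS)\\system32\\(?:drivers\\)?[^\\]+$",
    re.IGNORECASE,
)
# Boot-start drivers appear in MBRCheck output as a bare file name ("ACPI.sys").
BARE_NAME_RE = re.compile(r"^[^\\/]+\.(?:sys|dll|exe)$", re.IGNORECASE)


def path_is_expected(path):
    return bool(EXPECTED_DIR_RE.match(path) or BARE_NAME_RE.match(path))


def parse_tdsskiller(lines):
    """Return [{name, md5, path}] for driver lines; banner/separator lines are skipped."""
    out = []
    for line in lines:
        m = TDSS_RE.match(line.strip())
        if m:
            out.append({"name": m["name"], "md5": m["md5"].lower(), "path": m["path"].rstrip()})
    return out


def parse_mbrcheck(lines):
    """Return (kernel_drivers, {disk_index: status_text})."""
    drivers, status = [], {}
    for line in lines:
        s = line.strip()
        m = MBRCHECK_DRV_RE.match(s)
        if m:
            drivers.append({"base": int(m["base"], 16), "path": m["path"].rstrip()})
            continue
        m = MBR_STATUS_RE.match(s)
        if m:
            status[int(m["disk"])] = m["status"].rstrip()
    return drivers, status


def mbr_status_is_known(status):
    # Assumption about MBRCheck's wording: a recognised bootloader is reported as
    # "<vendor or OS> MBR code detected"; anything else is flagged for review.
    s = status.lower()
    return s.endswith("mbr code detected") and not s.startswith(("unknown", "known-bad"))


def triage(tdss_lines, mbrcheck_lines):
    """Return [(kind, subject, detail)]; an empty list means nothing to review."""
    findings = []
    drivers = parse_tdsskiller(tdss_lines)
    for d in drivers:
        if not path_is_expected(d["path"]):
            findings.append(("unusual-path", d["name"], d["path"]))
    by_name = defaultdict(set)
    for d in drivers:
        by_name[d["name"].lower()].add(d["md5"])
    for name, hashes in sorted(by_name.items()):
        if len(hashes) > 1:
            findings.append(("hash-mismatch", name, ",".join(sorted(hashes))))
    kdrivers, status = parse_mbrcheck(mbrcheck_lines)
    for k in kdrivers:
        if not path_is_expected(k["path"]):
            findings.append(("unusual-path", "0x%08X" % k["base"], k["path"]))
    for disk, text in sorted(status.items()):
        if not mbr_status_is_known(text):
            findings.append(("mbr", "PhysicalDrive%d" % disk, text))
    return findings


# Constructed sample: lines copied from the logs above plus two synthetic
# "exampledrv" lines (hypothetical name and hashes) to exercise the hash check.
SAMPLE_TDSS = r"""
2011/03/20 18:37:14.0203 2144 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/20 18:37:14.0781 2144 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/03/20 18:37:14.0790 2144 exampledrv (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
2011/03/20 18:37:14.0791 2144 exampledrv (00000000000000000000000000000002) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
2011/03/20 18:37:15.0500 2144 Scan finished
""".splitlines()

SAMPLE_MBRCHECK = r"""
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0xF75A8000 ACPI.sys
0xF7A4F000 pciide.sys
0xB2DB9000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0xBA077000 \??\C:\WINDOWS\system32\npptNT.sys
0xBF800000 \SystemRoot\System32\win32k.sys
232 GB \\.\PhysicalDrive0 Windows 98 MBR code detected
""".splitlines()

if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_TDSS, SAMPLE_MBRCHECK):
        print("%-14s %-12s %s" % (kind, subject, detail))
```

Run against the logs in this thread, the only path hit is npptNT.sys, which is registered through a `\??\` device path rather than relative to the system root. Many third-party tools register drivers that way, so the hit only says "look the file up"; the MBR status line is a recognised code and is not flagged, which matches the helper's reading that there is not much there to worry about.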
shelf life
2011-03-21, 22:50
hi,
Thanks for the info. Not much there to worry about. Did you get AVG installed and updated?
how is the re-direct situation now? Please rescan and post a new DDS log.
parasiteangel
2011-03-21, 23:27
Yes, I did install AVG and update it.
I disconnected my pc from the network when I started to get the redirect problem. I just reconnected it and it seems that it does not redirect me anymore. I will update you if I encounter any redirects again.
Thank you so much.
Here is the latest DDS:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Atleen at 14:18:19.70 on Mon 03/21/2011
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.653 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Atleen\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {AE7CD045-E861-484f-8273-0445EE161910} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [tgcmd] c:\program files\support.com\bin\tgcmd.exe /server /startmonitor /deaf
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
dRunOnce: [RunNarrator] Narrator.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094927713312
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143345146468
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38173.7355208333
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\atleen\applic~1\mozilla\firefox\profiles\j3uzqc9c.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-1-6 27576]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CamthWDM.sys [2007-1-10 243584]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-1-17 1803224]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]
R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\common files\sony shared\vaio entertainment\vzcdb\VzFw.exe [2004-6-8 86098]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 26192]
S3 DCamUSBVeo532;Veo Web Camera;c:\windows\system32\drivers\ubVeo532.sys [2005-4-3 95232]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\common files\sony shared\vaio entertainment\vcsw\vcsw.exe -runbyscm --> c:\program files\common files\sony shared\vaio entertainment\vcsw\VCSW.exe -RunBySCM [?]
.
=============== Created Last 30 ================
.
2011-03-21 02:04:29 -------- d--h--w- C:\VritualRoot
2011-03-21 02:01:16 -------- d-----w- c:\program files\COMODO
2011-03-21 01:58:16 -------- d-----w- c:\docume~1\atleen\applic~1\AVG10
2011-03-21 01:56:32 -------- d-----w- c:\windows\system32\drivers\AVG
2011-03-21 01:56:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-03-20 23:43:11 -------- d-----w- C:\ComboFix-456
2011-03-20 01:05:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-03-16 11:24:26 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-03-16 11:13:56 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-03-16 11:13:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2011-03-16 04:48:07 -------- d-----w- c:\docume~1\atleen\applic~1\Malwarebytes
2011-03-16 04:47:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-16 04:47:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-16 04:47:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-16 04:47:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-15 01:29:56 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-03-14 04:46:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\DivX
2011-03-11 02:53:11 -------- d-----w- C:\83a029cfbab080c80b6da8b7
2011-03-08 11:39:46 -------- d-----w- c:\windows\system32\Adobe
.
==================== Find3M ====================
.
2011-02-03 04:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 02:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-29 08:42:04 285480 ----a-w- c:\windows\system32\guard32.dll
.
============= FINISH: 14:20:30.34 ===============
shelf life
2011-03-22, 01:29
I disconnected my pc from the network when I started to get the redirect problem.
That's very wise. Cruise around and make sure they are gone, then we can finish up the thread.
parasiteangel
2011-03-23, 04:17
It seems that my pc is okay now.
Thank you so much for all your help.
I will still observe the behavior of my browser. Hopefully I won't have to post any problems again.
Again, thank you so much for the time and patience in helping me. :2thumb:
shelf life
2011-03-24, 23:11
OK, you're welcome. A couple of things left to do. You can delete the TDSSKiller and MBRCheck icons from your desktop. You can remove ComboFix like this:
Start > Run and type in combofix /uninstall
Click OK or press Enter.
Note the space after the x and before the /.
You can make a new restore point; the how and the why:
One of the features of Windows XP, Vista and Windows 7 is the System Restore option; however, if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning OK.
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
(winXP)
1. Turn off System Restore. (deletes old, possibly infected restore points)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn on System Restore. (creates a new restore point on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot
And everybody gets this:
10 Tips for Prevention and Avoidance of Malware:
There is no reason why your computer cannot stay malware-free.
No software can think for you. Help yourself. In no special order:
1) It is essential to keep your operating system (Windows), browser(s) (IE, Firefox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update (http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us) frequently or use the Windows auto-update feature. (http://www.microsoft.com/windows/downloads/windowsupdate/automaticupdate.mspx) Staying updated is also essential for web-based applications, browser plugins and add-ons like Java, Adobe Flash/Reader, iTunes etc. More and more third-party applications are being targeted. Use the auto-update features available in most software. Not sure if you are using the latest version of software? Check their version status and get the updates here. (http://secunia.com/vulnerability_scanning/online/)
2) Know what you are installing on your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer, where you are then prompted to install software to remedy this. See also the signs (http://www.malwarevault.com/signs.html) that you may have malware on your computer.
3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently finds malware then it's time to *review your computer habits*.
4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing Tricks (http://www.fraud.org/tips/internet/phishing.htm).
5) Do not click on ads/pop-ups or offers from websites requesting that you install software on your computer--*for any reason*. Use the Alt+F4 keys to close the window.
6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?
7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.
8) Install and understand the *limitations* of a software firewall.
9) A slide show on how to configure Internet Explorer 8.0 (http://threatpost.com/en_us/slideshow/How%20to%20configure%20Internet%20Explorer%20for%20secure%20surfing) for safer surfing. How to harden Firefox (http://threatpost.com/en_us/slideshow/How-to-configure-Mozilla-Firefox-for-secure-surfing?utm_source=Second+Sidebar&utm_medium=Featured+Slideshows&utm_campaign=Configure+Mozilla+Firefox) for safer surfing.
10) Warez, cracks etc. are very popular for carrying malware payloads. If you download/install files via p2p networks you will encounter malware. Malware can be named anything, be nothing but malware or have malware bundled in it. Do you really trust the source of the file?
More info/tips with pictures, links below
Happy Safe Surfing