
Thread: click.giftload, may be in the clear

  1. #1

    http://forums.spybot.info/showthread.php?t=63210

    Here is a new DDS log; I have uninstalled all P2P applications:

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Valued Customer at 18:39:06.85 on Wed 06/01/2011
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2043.779 [GMT -6:00]
    .
    AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton AntiVirus *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Program DJ\Dualview Server\dualviewsvc.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PGPserv.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    C:\Program Files\Program DJ\Smart Watchdog\SWDsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Program DJ\Wireless Switch\WLSS.exe
    C:\Program Files\Program DJ\Program DJ\PdjAssistant.exe
    C:\Program Files\Program DJ\Green Charger\GCTray.exe
    C:\Program Files\Program DJ\Wow Video&Audio\WVAMain.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\Program Files\WheresJames\StartupMgr\StartupMgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
    C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WSZ.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WSZ.exe
    C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
    C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Real\RealPlayer\update\realsched.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
    C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\Firewall\FWCfg.exe
    C:\Documents and Settings\Valued Customer\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.comcast.net/
    uInternet Settings,ProxyOverride = <local>
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [WheresJames Startup Manager] c:\program files\wheresjames\startupmgr\StartupMgr.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [WLSS] c:\program files\program dj\wireless switch\WLSS.exe
    mRun: [PdjAssistant] c:\program files\program dj\program dj\PdjAssistant.exe
    mRun: [GCTray] c:\program files\program dj\green charger\GCTray.exe
    mRun: [Wow Video&Audio] c:\program files\program dj\wow video&audio\WVAMain.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [osCheck] "c:\program files\norton antivirus\osCheck.exe"
    mRun: [ScreenPrint32] c:\program files\screenprint32 v3\ScreenPrint32.exe -startup
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Protector Suite QL] c:\program files\protector suite ql\psqltray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
    mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\valued~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\valued~1\startm~1\programs\startup\seagat~1.lnk - c:\documents and settings\valued customer\application data\leadertech\powerregister\Seagate Product Registration.exe
    StartupFolder: c:\documents and settings\valued customer\start menu\programs\startup\WSZ.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pgptra~1.lnk - c:\windows\installer\{28e0f0a8-e555-4077-a6e1-63dbf2b29d32}\Icon6560581611.exe
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\WSZ.exe
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38e51477-ddb4-4aed-9d61-d0c193e10749}\inprocserver32 does not exist!
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\windows\system32\PGPlsp.dll
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 208.67.220.220,208.67.222.222
    TCP: {498B6563-F313-4B03-8323-E79AD21537D3} = 208.67.220.220,208.67.222.222
    Filter: text/html - {26111323-9a71-4861-b8a8-f7a2130e31ac} -
    Notify: psfus - c:\windows\system32\psqlpwd.dll
    AppInit_DLLs: PGPmapih.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    LSA: Notification Packages = scecli psqlpwd PGPpwflt
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\valued~1\applic~1\mozilla\firefox\profiles\a3uaen4i.default\
    FF - prefs.js: network.proxy.ftp - 217.194.213.31
    FF - prefs.js: network.proxy.ftp_port - 80
    FF - prefs.js: network.proxy.gopher - 217.194.213.31
    FF - prefs.js: network.proxy.gopher_port - 80
    FF - prefs.js: network.proxy.http - 217.194.213.31
    FF - prefs.js: network.proxy.http_port - 80
    FF - prefs.js: network.proxy.socks - 217.194.213.31
    FF - prefs.js: network.proxy.socks_port - 80
    FF - prefs.js: network.proxy.ssl - 217.194.213.31
    FF - prefs.js: network.proxy.ssl_port - 80
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\valued customer\application data\mozilla\firefox\profiles\a3uaen4i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\valued customer\application data\mozilla\firefox\profiles\a3uaen4i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\valued customer\application data\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\documents and settings\valued customer\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\valued customer\application data\mozilla\firefox\profiles\a3uaen4i.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: XULRunner: {7BB8177F-BE0A-4B14-9C1A-809BD54B73C4} - c:\documents and settings\valued customer\local settings\application data\{7BB8177F-BE0A-4B14-9C1A-809BD54B73C4}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Save Session: - %profile%\extensions\savesession@noasobi.net
    FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
    FF - Ext: Firebug: - %profile%\extensions\firebug@software.joehewitt.com
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Zotero: - %profile%\extensions\zotero@chnm.gmu.edu
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-4-23 9856]
    R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2009-12-17 136312]
    R0 Pgpwdefs;Pgpwdefs;c:\windows\system32\drivers\PGPwdefs.sys [2009-12-17 13432]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-24 149352]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-24 149352]
    R2 DualView Server;DualView Server Service;c:\program files\program dj\dualview server\dualviewsvc.exe [2008-5-23 126976]
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-24 149352]
    R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2010-4-22 25824]
    R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-4-30 14088]
    R2 Smart Watchdog;Smart Watchdog Service;c:\program files\program dj\smart watchdog\SWDsvc.exe [2008-4-14 208896]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 DualViewFilter;DualViewFilter;c:\windows\system32\drivers\DualviewFilter.sys [2008-5-6 20352]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-10 105592]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-13 81296]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110530.020\NAVENG.SYS [2011-5-30 86008]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110530.020\NAVEX15.SYS [2011-5-30 1542392]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2008-6-19 38304]
    R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2011-5-17 23096]
    R3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [2009-11-21 3768]
    R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-5-2 1251720]
    S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys --> c:\windows\system32\drivers\ntcdrdrv.sys [?]
    S2 fwzzghwlx;fwzzghwlx;\??\c:\windows\system32\drivers\xbjhzsxoztwvuot.sys --> c:\windows\system32\drivers\xbjhzsxoztwvuot.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
    S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2009-11-21 23096]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
    S3 ISD200;USB Storage Adapter V2;c:\windows\system32\drivers\ISD200.SYS [2011-3-10 26930]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-12-31 42112]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-14 14336]
    S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2011-5-17 200704]
    S3 STSService;STSService;"c:\program files\soundtaxi media suite\stsservice.exe" --> c:\program files\soundtaxi media suite\STSService.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-05-27 08:08:02 6962000 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{da423d87-723a-46c3-b573-bd4152af2661}\mpengine.dll
    2011-05-24 07:10:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\MemeoCommon
    2011-05-24 07:07:25 -------- d-----w- c:\docume~1\valued~1\applic~1\Memeo
    2011-05-24 07:07:07 -------- d-----w- c:\docume~1\valued~1\applic~1\Seagate
    2011-05-24 07:06:13 -------- d-----w- c:\program files\common files\Memeo
    2011-05-24 07:06:06 -------- d-----w- c:\program files\Memeo
    2011-05-24 07:05:25 -------- d-----w- c:\program files\Seagate
    2011-05-17 18:31:07 3768 ----a-w- c:\windows\system32\SndTVideo.sys
    2011-05-17 18:31:07 23096 ----a-w- c:\windows\system32\SndTAudio.sys
    2011-05-17 18:31:07 23096 ----a-w- c:\windows\system32\drivers\SndTAudio.sys
    2011-05-17 18:31:07 200704 ----a-w- c:\windows\system32\snmvtsvc.exe
    2011-05-17 18:31:07 10936 ----a-w- c:\windows\system32\SndTVideo.dll
    2011-05-17 18:31:06 -------- d-----w- c:\program files\SoundTaxi
    2011-05-17 17:53:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-11 04:39:28 164345 ----a-w- c:\windows\Gulfstream V Uninstaller.exe
    2011-05-06 03:32:08 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-05-05 00:22:17 0 ----a-w- c:\windows\Npodowohonevo.bin
    2011-05-05 00:22:15 -------- d-----w- c:\docume~1\valued~1\locals~1\applic~1\{7BB8177F-BE0A-4B14-9C1A-809BD54B73C4}
    .
    ==================== Find3M ====================
    .
    2011-05-02 23:45:46 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-05-02 23:45:46 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-03-10 01:03:37 816 ----a-w- c:\windows\system32\ker.dll
    2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
    .
    ============= FINISH: 18:46:23.26 ===============

    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2008-6-19 38304]
    R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2011-5-17 23096]
    R3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [2009-11-21 3768]
    R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-5-2 1251720]
    S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys --> c:\windows\system32\drivers\ntcdrdrv.sys [?]
    S2 fwzzghwlx;fwzzghwlx;\??\c:\windows\system32\drivers\xbjhzsxoztwvuot.sys --> c:\windows\system32\drivers\xbjhzsxoztwvuot.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
    S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2009-11-21 23096]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
    S3 ISD200;USB Storage Adapter V2;c:\windows\system32\drivers\ISD200.SYS [2011-3-10 26930]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-12-31 42112]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-14 14336]
    S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2011-5-17 200704]
    S3 STSService;STSService;"c:\program files\soundtaxi media suite\stsservice.exe" --> c:\program files\soundtaxi media suite\STSService.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-05-27 08:08:02 6962000 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{da423d87-723a-46c3-b573-bd4152af2661}\mpengine.dll
    2011-05-24 07:10:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\MemeoCommon
    2011-05-24 07:07:25 -------- d-----w- c:\docume~1\valued~1\applic~1\Memeo
    2011-05-24 07:07:07 -------- d-----w- c:\docume~1\valued~1\applic~1\Seagate
    2011-05-24 07:06:13 -------- d-----w- c:\program files\common files\Memeo
    2011-05-24 07:06:06 -------- d-----w- c:\program files\Memeo
    2011-05-24 07:05:25 -------- d-----w- c:\program files\Seagate
    2011-05-17 18:31:07 3768 ----a-w- c:\windows\system32\SndTVideo.sys
    2011-05-17 18:31:07 23096 ----a-w- c:\windows\system32\SndTAudio.sys
    2011-05-17 18:31:07 23096 ----a-w- c:\windows\system32\drivers\SndTAudio.sys
    2011-05-17 18:31:07 200704 ----a-w- c:\windows\system32\snmvtsvc.exe
    2011-05-17 18:31:07 10936 ----a-w- c:\windows\system32\SndTVideo.dll
    2011-05-17 18:31:06 -------- d-----w- c:\program files\SoundTaxi
    2011-05-17 17:53:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-11 04:39:28 164345 ----a-w- c:\windows\Gulfstream V Uninstaller.exe
    2011-05-06 03:32:08 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-05-05 00:22:17 0 ----a-w- c:\windows\Npodowohonevo.bin
    2011-05-05 00:22:15 -------- d-----w- c:\docume~1\valued~1\locals~1\applic~1\{7BB8177F-BE0A-4B14-9C1A-809BD54B73C4}
    .
    ==================== Find3M ====================
    .
    2011-05-02 23:45:46 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-05-02 23:45:46 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-03-10 01:03:37 816 ----a-w- c:\windows\system32\ker.dll
    2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
    .
    ============= FINISH: 18:46:23.26 ===============
    Last edited by tashi; 2011-07-14 at 05:35. Reason: Merged two topics- logs run Wed 06/01/2011

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Hi RyanV,

    Your post is a few days old. Reply back if you still need help.
    Did you add that proxy server setting to FF?

    http - 217.194.213.31
    How Can I Reduce My Risk?

  3. #3
    Junior Member
    Join Date
    May 2011
    Posts
    18

    Default

    Thanks! I do still need help. Yes I did, but wasn't using it and subsequently deleted it.

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    OK. Malware can set up a proxy, that's why I asked. I see you have run several apps in the last few weeks. You think you still have malware?
    How Can I Reduce My Risk?

  5. #5
    Junior Member
    Join Date
    May 2011
    Posts
    18

    Default

    I'm not sure, all my threads were archived before it could be established that my computer was clean. So far I'm symptom free, but just want to be sure.

  6. #6
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    You can navigate to c:\windows\ and delete the file: Npodowohonevo.bin
    Other than that it looks OK. You can remove ComboFix like this if you haven't already:
    Start>run and type in: combofix /u
    Click OK or Enter; note the space after the x and before the /

    Also, if you haven't, you can make a new restore point. The how and the why:

    One of the features of Windows XP, Vista and Windows 7 is the System Restore option; however, if malware infects a computer, it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning OK.

    To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

    (winXP)

    1. Turn off System Restore. (deletes old possibly infected restore point)
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    2. Reboot.

    3. Turn ON System Restore. (creates new restore points on a clean system)
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check *Turn off System Restore*.
    Click Apply, and then click OK, then reboot.
    How Can I Reduce My Risk?
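
Added example (not part of the original thread, and not code from DDS or its author): a small Python triage pass over the log format shown in post #1. It lists service entries that DDS prints with `[?]` in place of a date and size, and zero-length files such as the `Npodowohonevo.bin` that post #6 asks to delete. The field layout is inferred from the log lines on this page, and the function name `triage` is hypothetical.

```python
import re

# Subset of the DDS log from post #1, copied from this page.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys --> c:\windows\system32\drivers\ntcdrdrv.sys [?]
S2 fwzzghwlx;fwzzghwlx;\??\c:\windows\system32\drivers\xbjhzsxoztwvuot.sys --> c:\windows\system32\drivers\xbjhzsxoztwvuot.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
=============== Created Last 30 ================
2011-05-17 18:31:07 3768 ----a-w- c:\windows\system32\SndTVideo.sys
2011-05-06 03:32:08 -------- d-----w- C:\TDSSKiller_Quarantine
2011-05-05 00:22:17 0 ----a-w- c:\windows\Npodowohonevo.bin
==================== Find3M ====================
2011-03-10 01:03:37 816 ----a-w- c:\windows\system32\ker.dll
"""

# Field layouts below are inferred from the lines above (assumption).
SECTION = re.compile(r"^=+\s*(.*?)\s*=+$")
SERVICE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+) \[([^\]]*)\]$")
FILE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\d+|-{8}) (\S{8}) (.+)$")


def triage(log_text):
    """Return (services DDS printed with [?], zero-length files)."""
    section, services, empty_files = None, [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
        elif section == "SERVICES / DRIVERS":
            m = SERVICE.match(line)
            if m and m.group(5) == "?":
                # Keep the path right of "-->" when DDS prints one.
                path = m.group(4).split(" --> ")[-1]
                services.append((m.group(2), m.group(1), path))
        elif section in ("Created Last 30", "Find3M"):
            m = FILE.match(line)
            # Directories show "--------" as size, so only files can be "0".
            if m and m.group(2) == "0":
                empty_files.append((m.group(1), m.group(4)))
    return services, empty_files


if __name__ == "__main__":
    flagged_services, flagged_files = triage(SAMPLE_LOG)
    for name, state, path in flagged_services:
        print(f"service {name} ({state}): {path} has no date/size")
    for stamp, path in flagged_files:
        print(f"zero-length file created {stamp}: {path}")
```
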

  7. #7
    Junior Member
    Join Date
    May 2011
    Posts
    18

    Default

    Done and done! Thanks for the help!
    Last edited by tashi; 2011-07-21 at 18:15. Reason: Date of archive

  8. #8
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    OK, you're welcome. Some tips to help stay malware free:

    10 Tips for Prevention and Avoidance of Malware:
    There is no reason why your computer cannot stay malware free.


    No software can think for you. Help yourself. In no special order:

    1) It is essential to keep your operating system (Windows), browser (IE, Firefox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the Windows auto-update feature. Staying updated is also essential for web based applications, browser plugins and addons like Java, Adobe Flash/Reader, iTunes etc. More and more third party applications are being targeted. Use the auto-update features available in most software. Not sure if you are using the latest version of software? Check their version status and get the updates here.

    2) Know what you are installing to your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about virus and trojans being found on your computer and you are then prompted to install software to remedy this. See also the signs that you may have malware on your computer.

    3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently finds malware then it's time to *review your computer habits*.

    4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. Do you trust the source? See also E-mail phishing Tricks.

    5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

    6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

    7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.

    8) Install and understand the *limitations* of a software firewall.

    9) The why and how for securing your browser for safer surfing.

    10) Warez, cracks etc are very popular for carrying malware payloads. If you download/install files via p2p networks you will encounter malware. A file can be named anything and be nothing but malware or have malware bundled in it. Can you really trust the source of the file?


    More info/tips with pictures, links below

    Happy Safe Surfing.
    How Can I Reduce My Risk?
