Author Topic: Confirming virus is removed  (Read 4226 times)

0 Members and 1 Guest are viewing this topic.

Offline lisa20

  • Full Member
  • ***
  • Posts: 68
    • View Profile
Confirming virus is removed
« on: March 15, 2011, 01:43:11 AM »
Thank you again! :) I didn't find any anti-virus software or Norton--please confirm! Please let me know what other steps to take if needed. I ran the RSIT log but I didn't get an info log. I got this log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by lisa at 2011-03-14 21:34:01
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 57 GB (53%) free of 107 GB
Total RAM: 1014 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:34:22 PM, on 3/14/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8080.16413)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Sony\VAIO Center Access Bar\VCAB.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H16FKN4T\RSIT[1].exe
C:\Program Files\trend micro\lisa.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.umn.edu/twincities/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) -  - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WindowsLivePhone] "C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12939 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-01-01 382720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-09-12 842296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-12-14 47904]
"LifeChat"=C:\Program Files\Microsoft LifeChat\LifeChat.exe [2008-08-21 267296]
"VWLASU"=C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe [2007-07-12 45056]
"VAIO Center Access Bar"=c:\program files\sony\VAIO Center Access Bar\VCAB.exe [2007-06-21 53248]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-06-29 133656]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2007-06-11 317560]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-06-29 137752]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-06-29 154136]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2007-06-08 118784]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"TkBellExe"=c:\program files\real\realplayer\Update\realsched.exe [2011-01-01 274608]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-01-25 421160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"WindowsLivePhone"=C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe /AutoRun []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-07 39408]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
 []

C:\Users\lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-06-29 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\Windows\system32\VESWinlogon.dll [2007-07-24 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2011-03-13 10:24:59 ----A---- C:\Windows\system32\shsvcs.dll
2011-03-12 20:07:29 ----A---- C:\Windows\wininit.ini
2011-03-08 21:59:47 ----A---- C:\Windows\system32\EncDec.dll
2011-03-08 21:59:46 ----A---- C:\Windows\system32\sbe.dll
2011-03-08 21:59:45 ----A---- C:\Windows\system32\sbeio.dll
2011-03-08 21:59:36 ----A---- C:\Windows\system32\mstscax.dll
2011-03-08 21:59:35 ----A---- C:\Windows\system32\mstsc.exe
2011-03-05 21:59:50 ----A---- C:\Windows\system32\urlmon.dll
2011-03-05 21:59:50 ----A---- C:\Windows\system32\msrating.dll
2011-03-05 21:59:50 ----A---- C:\Windows\system32\msls31.dll
2011-03-05 21:59:49 ----A---- C:\Windows\system32\wininet.dll
2011-03-05 21:59:49 ----A---- C:\Windows\system32\jsproxy.dll
2011-03-05 21:59:49 ----A---- C:\Windows\system32\iertutil.dll
2011-03-05 21:59:48 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2011-03-05 21:59:47 ----A---- C:\Windows\system32\iesetup.dll
2011-03-05 21:59:47 ----A---- C:\Windows\system32\iernonce.dll
2011-03-05 21:59:47 ----A---- C:\Windows\system32\ieapfltr.dll
2011-03-05 21:59:47 ----A---- C:\Windows\system32\ie4uinit.exe
2011-03-05 21:59:47 ----A---- C:\Windows\system32\icardie.dll
2011-03-05 21:59:46 ----A---- C:\Windows\system32\webcheck.dll
2011-03-05 21:59:46 ----A---- C:\Windows\system32\url.dll
2011-03-05 21:59:46 ----A---- C:\Windows\system32\mshtmled.dll
2011-03-05 21:59:46 ----A---- C:\Windows\system32\licmgr10.dll
2011-03-05 21:59:46 ----A---- C:\Windows\system32\inseng.dll
2011-03-05 21:59:46 ----A---- C:\Windows\system32\iedkcs32.dll
2011-03-05 21:59:45 ----A---- C:\Windows\system32\wextract.exe
2011-03-05 21:59:45 ----A---- C:\Windows\system32\msfeeds.dll
2011-03-05 21:59:45 ----A---- C:\Windows\system32\iexpress.exe
2011-03-05 21:59:42 ----A---- C:\Windows\system32\vbscript.dll
2011-03-05 21:59:41 ----A---- C:\Windows\system32\pngfilt.dll
2011-03-05 21:59:41 ----A---- C:\Windows\system32\occache.dll
2011-03-05 21:59:41 ----A---- C:\Windows\system32\mshtml.dll
2011-03-05 21:59:41 ----A---- C:\Windows\system32\mshta.exe
2011-03-05 21:59:41 ----A---- C:\Windows\system32\ieUnatt.exe
2011-03-05 21:59:40 ----A---- C:\Windows\system32\jscript9.dll
2011-03-05 21:59:40 ----A---- C:\Windows\system32\jscript.dll
2011-03-05 21:59:40 ----A---- C:\Windows\system32\imgutil.dll
2011-03-05 21:59:40 ----A---- C:\Windows\system32\iepeers.dll
2011-03-05 21:59:40 ----A---- C:\Windows\system32\ieakui.dll
2011-03-05 21:59:40 ----A---- C:\Windows\system32\ieaksie.dll
2011-03-05 21:59:40 ----A---- C:\Windows\system32\advpack.dll
2011-03-05 21:59:40 ----A---- C:\Windows\system32\admparse.dll
2011-03-05 21:59:39 ----A---- C:\Windows\system32\msfeedssync.exe
2011-03-05 21:59:39 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-03-05 21:59:39 ----A---- C:\Windows\system32\ieakeng.dll
2011-03-05 21:59:39 ----A---- C:\Windows\system32\IEAdvpack.dll
2011-03-05 21:59:38 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2011-03-05 21:59:38 ----A---- C:\Windows\system32\mshtmler.dll
2011-03-05 21:59:38 ----A---- C:\Windows\system32\ieui.dll
2011-03-05 21:59:38 ----A---- C:\Windows\system32\iesysprep.dll
2011-03-05 21:59:37 ----A---- C:\Windows\system32\ieframe.dll
2011-03-05 21:59:36 ----A---- C:\Windows\system32\dxtrans.dll
2011-03-05 21:59:36 ----A---- C:\Windows\system32\dxtmsft.dll
2011-03-05 21:57:54 ----A---- C:\Windows\system32\mfreadwrite.dll
2011-03-05 21:57:54 ----A---- C:\Windows\system32\mfmp4src.dll
2011-03-05 21:57:54 ----A---- C:\Windows\system32\MFHEAACdec.dll
2011-03-05 21:57:54 ----A---- C:\Windows\system32\MFH264Dec.dll
2011-03-05 21:57:53 ----A---- C:\Windows\system32\mf.dll
2011-03-05 21:57:52 ----A---- C:\Windows\system32\mfps.dll
2011-03-05 21:57:51 ----A---- C:\Windows\system32\mfplat.dll
2011-03-05 21:57:50 ----A---- C:\Windows\system32\stobject.dll
2011-03-05 21:57:50 ----A---- C:\Windows\system32\shdocvw.dll
2011-03-05 21:57:46 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-03-05 21:57:46 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-03-05 21:57:45 ----A---- C:\Windows\system32\FntCache.dll
2011-03-05 21:57:45 ----A---- C:\Windows\system32\DWrite.dll
2011-03-05 21:57:45 ----A---- C:\Windows\system32\d2d1.dll
2011-03-05 21:57:44 ----A---- C:\Windows\system32\d3d10warp.dll
2011-03-05 21:57:44 ----A---- C:\Windows\system32\d3d10level9.dll
2011-03-05 21:57:43 ----A---- C:\Windows\system32\d3d10core.dll
2011-03-05 21:57:43 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-03-05 21:57:43 ----A---- C:\Windows\system32\d3d10_1.dll
2011-03-05 21:57:43 ----A---- C:\Windows\system32\d3d10.dll
2011-03-05 21:57:42 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2011-03-05 21:57:42 ----A---- C:\Windows\system32\dxgi.dll
2011-03-05 21:57:42 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-03-05 21:57:42 ----A---- C:\Windows\system32\cdd.dll
2011-03-05 21:57:41 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2011-03-05 21:57:39 ----A---- C:\Windows\system32\xpsservices.dll
2011-03-05 21:57:39 ----A---- C:\Windows\system32\XpsPrint.dll
2011-03-05 21:57:39 ----A---- C:\Windows\system32\OpcServices.dll
2011-03-05 21:53:46 ----A---- C:\Windows\system32\WMPhoto.dll
2011-03-05 21:53:46 ----A---- C:\Windows\system32\dxdiagn.dll
2011-03-05 21:53:46 ----A---- C:\Windows\system32\dxdiag.exe
2011-03-05 21:53:45 ----A---- C:\Windows\system32\d3d11.dll
2011-03-05 21:53:44 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2011-03-05 21:53:44 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2011-03-05 21:53:43 ----A---- C:\Windows\system32\WindowsCodecs.dll
2011-03-05 21:50:09 ----D---- C:\Program Files\Feedback Tool
2011-02-20 07:38:25 ----D---- C:\Program Files\iPod

======List of files/folders modified in the last 1 months======

2011-03-14 21:34:17 ----D---- C:\Windows\Temp
2011-03-14 21:34:12 ----D---- C:\Program Files\trend micro
2011-03-14 21:18:14 ----D---- C:\Program Files\Coupons
2011-03-14 21:18:12 ----D---- C:\Windows
2011-03-14 21:16:08 ----D---- C:\Windows\system32\Tasks
2011-03-14 21:14:08 ----RD---- C:\Program Files
2011-03-14 21:08:15 ----D---- C:\Windows\System32
2011-03-14 21:08:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-03-14 21:08:14 ----D---- C:\Windows\inf
2011-03-14 21:03:27 ----D---- C:\Windows\Tasks
2011-03-14 20:55:47 ----SHD---- C:\Windows\Installer
2011-03-14 20:54:21 ----HD---- C:\Config.Msi
2011-03-14 20:54:19 ----D---- C:\Program Files\Common Files
2011-03-14 20:54:12 ----DC---- C:\Windows\system32\DRVSTORE
2011-03-14 20:54:12 ----D---- C:\Windows\system32\drivers
2011-03-14 20:46:42 ----D---- C:\Program Files\eFile Express 2009
2011-03-14 19:24:56 ----D---- C:\Users\lisa\AppData\Roaming\Corel
2011-03-14 19:19:27 ----D---- C:\Program Files\Microsoft Silverlight
2011-03-14 19:17:29 ----D---- C:\Windows\winsxs
2011-03-14 19:15:31 ----SHD---- C:\System Volume Information
2011-03-14 19:11:22 ----A---- C:\Windows\system32\iolo.ini.txt
2011-03-13 19:05:08 ----HD---- C:\Program Files\InstallShield Installation Information
2011-03-13 19:04:51 ----D---- C:\Windows\system32\catroot
2011-03-13 19:04:45 ----D---- C:\Windows\system32\RTCOM
2011-03-13 19:03:49 ----A---- C:\Windows\DIFxAPI.dll
2011-03-13 18:57:18 ----D---- C:\Program Files\Windows Live
2011-03-13 18:50:55 ----D---- C:\ProgramData\Verizon Wireless
2011-03-13 10:20:55 ----D---- C:\Windows\system32\catroot2
2011-03-12 21:05:21 ----D---- C:\ProgramData\Google
2011-03-12 20:23:01 ----D---- C:\Program Files\Google
2011-03-12 20:19:21 ----D---- C:\Program Files\Adobe
2011-03-12 19:44:57 ----D---- C:\ProgramData\iolo
2011-03-12 19:36:40 ----D---- C:\Program Files\Yahoo!
2011-03-12 12:32:19 ----D---- C:\ProgramData\Microsoft Help
2011-03-09 20:48:22 ----A---- C:\Windows\system32\mrt.exe
2011-03-06 09:57:46 ----D---- C:\Windows\rescache
2011-03-06 08:31:54 ----D---- C:\Program Files\Mozilla Firefox
2011-03-05 22:06:06 ----RD---- C:\Windows\Offline Web Pages
2011-03-05 22:06:05 ----D---- C:\Windows\PolicyDefinitions
2011-03-05 22:06:04 ----D---- C:\Windows\system32\wbem
2011-03-05 22:06:04 ----D---- C:\Windows\system32\migration
2011-03-05 22:06:04 ----D---- C:\Windows\system32\en-US
2011-03-05 22:05:51 ----SD---- C:\Windows\Downloaded Program Files
2011-03-05 22:05:51 ----D---- C:\Program Files\Internet Explorer
2011-03-05 22:05:39 ----D---- C:\Windows\system32\drivers\en-US
2011-03-05 21:49:24 ----D---- C:\Windows\Logs
2011-02-20 07:41:05 ----D---- C:\Program Files\iTunes
2011-02-20 07:38:20 ----D---- C:\Program Files\Common Files\Apple

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-06-14 43528]
R1 Cdr4_xp;Cdr4_xp; C:\Windows\system32\drivers\Cdr4_xp.sys [2007-06-14 9336]
R1 Cdralw2k;Cdralw2k; C:\Windows\system32\drivers\Cdralw2k.sys [2007-06-14 9464]
R1 DMICall;Sony DMI Call service; C:\Windows\system32\DRIVERS\DMICall.sys [2007-06-27 10216]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-05-01 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-01 8192]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-08 140800]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-06-13 705024]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-05-01 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-05-01 207360]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-06-29 1671680]
R3 SNC;Sony Firmware Extension Parser Device; C:\Windows\System32\Drivers\SonyNC.sys [2006-11-06 27520]
R3 ti21sony;ti21sony; C:\Windows\system32\drivers\ti21sony.sys [2007-06-05 812544]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-05-01 659968]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-24 246784]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2006-11-02 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2006-11-02 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2006-11-02 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver; C:\Windows\system32\DRIVERS\PTUMWBus.sys [2009-07-18 54416]
S3 PTUMWCSP;PANTECH USB Modem V2 Connection Port; C:\Windows\system32\DRIVERS\PTUMWCSP.sys [2009-07-18 160400]
S3 PTUMWFLT;PTUMWNET Filter Driver; C:\Windows\system32\DRIVERS\PTUMWFLT.sys [2009-07-18 12048]
S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver; C:\Windows\system32\DRIVERS\PTUMWMdm.sys [2009-07-18 160400]
S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver; C:\Windows\system32\DRIVERS\PTUMWNET.sys [2009-07-18 114192]
S3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port; C:\Windows\system32\DRIVERS\PTUMWNSP.sys [2009-07-18 160400]
S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port; C:\Windows\system32\DRIVERS\PTUMWVsp.sys [2009-07-18 160400]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 73216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2007-05-24 128104]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-01-05 37664]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 NSUService;NSUService; C:\Program Files\Sony\Network Utility\NSUService.exe [2007-06-29 200704]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2007-07-24 182392]
R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2007-06-28 188416]
R2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2007-06-28 184320]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-05-01 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-01-25 820008]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2007-06-28 274432]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-16 194104]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2008-09-18 3093872]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2007-06-28 73728]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2007-06-20 2523136]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2007-06-20 499712]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-07-13 292152]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface; C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-07-05 79736]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20117
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Confirming virus is removed
« Reply #1 on: March 15, 2011, 02:41:41 PM »
Hi, Lisa.

Based on our off-line discussion, I want to go to the "extreme" on checking this laptop, please do the following:

Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.  

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

Now, please run ComboFix:
  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click "Yes" to continue scanning for malware.
  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline James

  • Full Member
  • ***
  • Posts: 102
  • Don't get around much any more...
    • View Profile
    • WindowsTalk
Re: Confirming virus is removed
« Reply #2 on: March 15, 2011, 04:25:33 PM »
Corrine, regarding ComboFix and the Windows Recovery Console, do not many PCs these days have their own version of the recovery console installed as part of their 'reinstallation' process? Would ComboFix recognize this if this were the case?
Thanks!
James M. Fisher
MS-MVP Windows Expert-Consumer
www.WindowsTalk.org

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20117
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Confirming virus is removed
« Reply #3 on: March 15, 2011, 04:36:03 PM »
Yes, if the Windows Recovery Console is already installed, ComboFix will see that and continue.  Although not advised, it is also possible to continue with ComboFix without installing the Windows Recovery Console. 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline James

  • Full Member
  • ***
  • Posts: 102
  • Don't get around much any more...
    • View Profile
    • WindowsTalk
Re: Confirming virus is removed
« Reply #4 on: March 15, 2011, 06:51:53 PM »
Thanks for clarifying that Corrine. This why I like forums; one can learn so much practical info here.
James M. Fisher
MS-MVP Windows Expert-Consumer
www.WindowsTalk.org

Offline lisa20

  • Full Member
  • ***
  • Posts: 68
    • View Profile
C:\ComboFix.txt Re: Confirming virus is removed
« Reply #5 on: March 17, 2011, 12:28:16 AM »
Here is the log. I'll be back tomorrow night!

ComboFix 11-03-16.01 - lisa 03/16/2011  19:55:18.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1014.277 [GMT -5:00]
Running from: c:\users\lisa\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\pswi_preloaded.exe
c:\users\lisa\AppData\Roaming\completescan
c:\users\lisa\AppData\Roaming\install
c:\windows\system32\drivers\etc\lmhosts
.
.
(((((((((((((((((((((((((   Files Created from 2011-02-17 to 2011-03-17  )))))))))))))))))))))))))))))))
.
.
2011-03-17 01:10 . 2011-03-17 01:10   --------   d-----w-   c:\users\lisa\AppData\Local\temp
2011-03-17 01:10 . 2011-03-17 01:10   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-03-16 00:38 . 2011-02-11 06:54   5943120   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{D58F0FBF-353E-4701-A311-BAA8ADBD9959}\mpengine.dll
2011-03-09 02:59 . 2010-12-29 18:28   429056   ----a-w-   c:\windows\system32\EncDec.dll
2011-03-09 02:59 . 2010-12-29 18:28   322560   ----a-w-   c:\windows\system32\sbe.dll
2011-03-09 02:59 . 2010-12-29 18:28   153088   ----a-w-   c:\windows\system32\sbeio.dll
2011-03-09 02:59 . 2010-12-29 18:26   177664   ----a-w-   c:\windows\system32\mpg2splt.ax
2011-03-09 02:59 . 2010-12-17 15:45   2067968   ----a-w-   c:\windows\system32\mstscax.dll
2011-03-09 02:59 . 2010-12-17 13:54   677888   ----a-w-   c:\windows\system32\mstsc.exe
2011-03-06 02:57 . 2011-03-06 02:57   979456   ----a-w-   c:\windows\system32\MFH264Dec.dll
2011-03-06 02:53 . 2011-03-06 02:53   369664   ----a-w-   c:\windows\system32\WMPhoto.dll
2011-03-06 02:53 . 2011-03-06 02:53   252928   ----a-w-   c:\windows\system32\dxdiag.exe
2011-03-06 02:53 . 2011-03-06 02:53   195584   ----a-w-   c:\windows\system32\dxdiagn.dll
2011-03-06 02:53 . 2011-03-06 02:53   519680   ----a-w-   c:\windows\system32\d3d11.dll
2011-03-06 02:53 . 2011-03-06 02:53   321024   ----a-w-   c:\windows\system32\PhotoMetadataHandler.dll
2011-03-06 02:53 . 2011-03-06 02:53   189440   ----a-w-   c:\windows\system32\WindowsCodecsExt.dll
2011-03-06 02:53 . 2011-03-06 02:53   974848   ----a-w-   c:\windows\system32\WindowsCodecs.dll
2011-03-06 02:50 . 2011-03-06 02:50   --------   d-----w-   c:\program files\Feedback Tool
2011-02-20 12:38 . 2011-02-20 12:38   --------   d-----w-   c:\program files\iPod
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-14 00:03 . 2007-08-26 21:08   319456   ----a-w-   c:\windows\DIFxAPI.dll
2011-03-06 02:53 . 2011-03-06 02:53   4096   ----a-w-   c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2011-02-02 23:11 . 2009-10-02 18:59   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-01-08 08:47 . 2011-02-12 17:03   34304   ----a-w-   c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-12 17:03   292352   ----a-w-   c:\windows\system32\atmfd.dll
2011-01-01 14:58 . 2006-07-11 23:35   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2010-12-31 13:57 . 2011-02-12 17:16   2039808   ----a-w-   c:\windows\system32\win32k.sys
2010-12-28 15:55 . 2011-01-12 02:22   413696   ----a-w-   c:\windows\system32\odbc32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2007-08-15 16:42   303104   ------w-   c:\ddi\OverIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-07 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"VWLASU"="c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-07-12 45056]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-06-21 53248]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-29 133656]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-12 317560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-29 137752]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-29 154136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-01-01 274608]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
c:\users\lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-25 02:26   98304   ----a-w-   c:\windows\System32\VESWinlogon.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 21:39   1090952   ----a-w-   c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\DRIVERS\PTUMWBus.sys [2009-07-18 54416]
R3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\DRIVERS\PTUMWCSP.sys [2009-07-18 160400]
R3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\DRIVERS\PTUMWFLT.sys [2009-07-18 12048]
R3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\DRIVERS\PTUMWMdm.sys [2009-07-18 160400]
R3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\DRIVERS\PTUMWNET.sys [2009-07-18 114192]
R3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\DRIVERS\PTUMWNSP.sys [2009-07-18 160400]
R3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMWVsp.sys [2009-07-18 160400]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-07-13 292152]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-07-06 79736]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2007-06-29 200704]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-05 812544]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-01 02:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\users\lisa\AppData\Roaming\Mozilla\Firefox\Profiles\5be7ahix.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=63323&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\lisa\AppData\Roaming\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Dividend Miles Toolbar: {bdfb4ed0-af58-4b39-9ece-b9b90c41b946} - %profile%\extensions\{bdfb4ed0-af58-4b39-9ece-b9b90c41b946}
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-WindowsLivePhone - c:\program files\Windows Live\Device Manager\msgrdvmn.exe
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
HKU-Default-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
AddRemove-{F46BF5EA-0B4E-4A41-8C4B-3B127346E30F} - c:\users\lisa\AppData\Local\{18FA3A4F-75BB-4F0E-B631-C9C47B7BD948}\NBCDirectInstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-16 20:10
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-03-16  20:22:23
ComboFix-quarantined-files.txt  2011-03-17 01:22
.
Pre-Run: 60,042,809,344 bytes free
Post-Run: 61,166,403,584 bytes free
.
- - End Of File - - 126468F16C797AB58A70EFEE83006AD8
 

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20117
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Confirming virus is removed
« Reply #6 on: March 17, 2011, 01:28:43 PM »
Hi, Lisa!

Great work.  Now we're ready to finalize things.  First, please do the following:

Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.


Now that the old antivirus suite has been removed, it is important to ensure that the Windows Vista firewall is turned on:

Click Start > Control Panel.  Under Security, click "Check this computer's security status". Make sure that the Windows Firewall is turned on.

Next, an antivirus software needs to be installed.  The following antivirus software programs are free for personal use, Microsoft Security Essentials being my favorite.  (Note if MSE is installed, it will deactivate Windows Defender since MSE includes the anti-spyware engine from Windows Defender.)

avast! 5 Home Edition
Avira AntiVir PersonalEdition Classic
Microsoft Security Essentials

To check if the computer is missing security updates or has insecure applications, install Secunia Personal Software Inspector or, alternatively, visit http://secunia.com/software_inspector/ .  The Secunia Software Inspector runs through your browser with no installation or download required and does the following:
  • Detects insecure versions of applications installed
  • Verifies that all Microsoft patches are applied
  • Assists you in updating your system and applications

Install and update SpywareBlaster to prevent the installation of spyware and other potentially unwanted software: http://www.javacoolsoftware.com/spywareblaster.html

My favorite security software is WinPatrol which includes the features described at http://www.winpatrol.com/features.html

Please let me know if you have any questions.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.