Beautiful! Well, not beautiful that you're infected . But, beautiful that you're on the road to disinfection.

Please reboot your machine and run the following tool in Normal Mode



Next, lets download ComboFix.exe. This will give me a better view to the files running, those that are hidden, and also those in the registry..Please download from one of these webpages .

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.

Double-click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Recovery Console can be installed from your disc if you have Vista if you wish.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the ComboFix.txt in your reply.

Things are already looking up. Here's the ComboFix log. By the way, can you recommend a preventative program? I had Norton and let it lapse, which is what led to my current predicament.



ComboFix 09-06-28.01 - Mellisa 06/28/2009 22:35.1 - NTFSx86
Running from: c:\documents and settings\Mellisa\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\asomagil.ini
c:\windows\system32\config\systemprofile\Desktop\S ystem Security 2009.lnk
c:\windows\system32\config\systemprofile\Start Menu\Programs\System Security
c:\windows\system32\config\systemprofile\Start Menu\Programs\System Security\System Security
c:\windows\system32\drivers\SKYNETjdukqhhb.sys
c:\windows\system32\emagayim.ini
c:\windows\system32\inatuvum.ini
c:\windows\system32\iwagepaw.ini
c:\windows\system32\pokazejo.dll.tmp
c:\windows\system32\SKYNETnlotjnap.dat
c:\windows\system32\SKYNEToaoylyab.dll
c:\windows\system32\SKYNETtetqvbql.dll
c:\windows\system32\SKYNETusrbegwr.dat
c:\windows\system32\uwigaruz.ini
c:\windows\system32\vohodane.dll.tmp
c:\windows\system32\widahizi.dll.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SKYNETchyeuiqu

((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-29 )))))))))))))))))))))))))))))))
.
2009-06-29 01:54 . 2009-06-29 03:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-28 23:47 . 2009-06-28 23:47 -------- d-----w- c:\documents and settings\Mellisa\Application Data\Malwarebytes
2009-06-28 23:47 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-28 23:47 . 2009-06-28 23:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-28 23:47 . 2009-06-28 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-28 23:47 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-28 19:21 . 2009-06-28 19:21 -------- d-sh--w- c:\documents and settings\Patrick\PrivacIE
2009-06-27 16:03 . 2009-06-27 16:03 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-27 16:03 . 2008-12-10 17:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-27 16:03 . 2009-06-27 16:03 -------- d-----w- c:\documents and settings\Mellisa\Application Data\PC Tools
2009-06-27 16:03 . 2009-06-27 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-06-27 16:02 . 2009-06-27 16:03 -------- d-----w- c:\program files\Spyware Doctor
2009-06-27 02:41 . 2009-06-27 02:41 -------- d-sh--w- c:\documents and settings\Patrick\IETldCache
2009-06-25 03:08 . 2009-06-25 03:08 -------- d-sh--w- c:\documents and settings\Mellisa\IECompatCache
2009-06-18 00:51 . 2009-06-18 00:51 -------- d-sh--w- c:\documents and settings\Mellisa\PrivacIE
2009-06-18 00:47 . 2009-06-18 00:47 -------- d-sh--w- c:\documents and settings\Mellisa\IETldCache
2009-06-18 00:46 . 2009-06-18 00:46 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCach e
2009-06-18 00:39 . 2009-06-18 00:41 -------- dc-h--w- c:\windows\ie8
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-06-29 03:51 . 2008-12-15 15:08 72704 --sha-w- c:\documents and settings\All Users\Application Data\ExtendMedia\Media Agent\ac.dll
2009-06-29 03:50 . 2009-04-22 23:47 117760 ----a-w- c:\documents and settings\Mellisa\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\ UIREPAIR.DLL
2009-06-29 03:31 . 2005-08-10 19:22 9741 ----a-w- c:\windows\system32\wdf_dxs.dat
2009-06-28 23:40 . 2008-08-31 02:18 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2009-06-23 23:34 . 2004-11-16 05:07 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-15 11:43 . 2008-08-19 23:41 -------- d-----w- c:\program files\Common
2009-05-14 01:42 . 2009-05-14 01:42 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-14 01:42 . 2004-11-16 05:04 -------- d-----w- c:\program files\Java
2009-05-14 01:40 . 2009-05-14 01:40 152576 ----a-w- c:\documents and settings\Mellisa\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-22 14:27 . 2009-01-22 14:27 46592 --sha-w- c:\windows\system32\likebowa.exe
2009-04-22 01:08 . 2009-01-22 01:08 47616 --sha-w- c:\windows\system32\yaromido.exe
2009-04-06 18:32 . 2005-08-10 19:21 1563008 ----a-w- c:\windows\WRSetup.dll
2009-04-02 19:30 . 2009-04-02 19:30 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-04-02 19:30 . 2009-04-02 19:30 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-04-02 19:30 . 2009-04-02 19:30 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2006-03-15 22:31 . 2005-07-28 14:43 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\SoftwareDistribution\Download\dd9ab5193 501484cf5e6884fa1d22f9e\svchost.exe
[7] 2004-08-04 12:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\svchost.exe
[7] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[7] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[7] 2004-08-04 12:00 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll
[7] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\SoftwareDistribution\Download\dd9ab5193 501484cf5e6884fa1d22f9e\user32.dll
[7] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\system32\user32.dll
[7] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\system32\dllcache\user32.dll
[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\SoftwareDistribution\Download\dd9ab5193 501484cf5e6884fa1d22f9e\ws2_32.dll
[7] 2004-08-04 12:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\ws2_32.dll
[7] 2004-09-29 18:27 656896 2C07195588D69A067C2AFDAA31759295 c:\windows\$hf_mig$\KB834707\SP2QFE\wininet.dll
[7] 2005-05-02 20:57 658944 E1E18136F9DD3DF1AD9C82193A5898A6 c:\windows\$hf_mig$\KB883939\SP2QFE\wininet.dll
[7] 2005-09-02 23:53 660480 97A6FD7CAFD688CF2C78939EBAF0CD0C c:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll
[7] 2005-07-03 02:09 659456 6E533D155B259EB2363D3E04B5BE309F c:\windows\$hf_mig$\KB896727\SP2QFE\wininet.dll
[7] 2005-10-21 03:38 661504 AF785C4947676A7FC1673FDC5C8D0B5B c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[7] 2006-03-04 03:58 663552 C0845ECBF4F9164E618EE381B79C9032 c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[7] 2006-05-10 05:25 663552 D94CFFDB53E7AC867438E2DFD50E7CBC c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
[7] 2006-06-23 11:25 664576 64CE26DB72810B30F7855EA51E1DF836 c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll
[7] 2007-02-20 09:52 665600 B258C922D22DEEC880B60720531D7627 c:\windows\$hf_mig$\KB931768\SP2QFE\wininet.dll
[7] 2007-04-18 12:46 665600 4261BA03AFD659DE04F0A17DFBDD454D c:\windows\$hf_mig$\KB933566\SP2QFE\wininet.dll
[7] 2007-06-26 14:35 665600 E1A3DD68B5380B360A7310A64D9BB188 c:\windows\$hf_mig$\KB937143\SP2QFE\wininet.dll
[7] 2007-08-22 12:55 665600 A1BC17EB3758D73C3938B2318820F5B4 c:\windows\$hf_mig$\KB939653\SP2QFE\wininet.dll
[7] 2007-10-11 05:57 666112 80D660A49E0D118144423099B2A9F5DA c:\windows\$hf_mig$\KB942615\SP2QFE\wininet.dll
[7] 2007-12-07 00:44 666112 085A7C37F9C6EDE1BA870B7DBEC06399 c:\windows\$hf_mig$\KB944533\SP2QFE\wininet.dll
[7] 2008-02-16 09:32 666112 BB1EACD6AB47E78EBCA02EB781550D55 c:\windows\$hf_mig$\KB947864\SP2QFE\wininet.dll
[7] 2008-04-21 06:56 666624 2E7DE1BF9418B071799EB53DE8CC22F5 c:\windows\$hf_mig$\KB950759\SP2QFE\wininet.dll
[7] 2008-04-21 06:44 666112 2B0C24AA747A93A28987B6D65A4A74BC c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll
[7] 2008-04-21 06:24 666624 26F240C250E5B4B395CB4B178BA75437 c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll
[7] 2008-06-23 16:12 667136 611ACE3F4201E9610AF8452F7C268995 c:\windows\$hf_mig$\KB953838\SP2QFE\wininet.dll
[7] 2008-06-23 15:09 666112 F12FBB673DE9CC802C5DC518FE99AA2F c:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll
[7] 2008-06-23 14:54 666624 972299B7241EC325D8C7E5638C884925 c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll
[7] 2008-08-20 05:33 667648 C91E3A6EF094202F6B5CA8960DFCF243 c:\windows\$hf_mig$\KB956390\SP2QFE\wininet.dll
[7] 2008-08-20 05:30 666112 9AF5F25124FBDC36E2B510729CBA2674 c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll
[7] 2008-08-20 04:58 666624 94418F53D2612C26DBADC04DAFBC197C c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll
[7] 2008-10-16 10:20 667648 93C9D0A216498EE14EB9B26119BB95EE c:\windows\$hf_mig$\KB958215\SP2QFE\wininet.dll
[7] 2008-10-16 01:00 666112 1576318BF08D28CC61D1278114AD8D5B c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll
[7] 2008-10-16 01:04 667136 E8FCE58A470999350F64C591557F9E42 c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
[7] 2009-02-20 08:14 668160 1EA0E6DD74199209D60991FD46CE8643 c:\windows\$hf_mig$\KB963027\SP2QFE\wininet.dll
[7] 2009-02-20 08:10 666112 5B6A3EB7BB2F338BC2CB9F2FA4AAEA9E c:\windows\$hf_mig$\KB963027\SP3GDR\wininet.dll
[7] 2009-02-20 07:50 667648 711FEABED387B29FF7ED61BC6806A06C c:\windows\$hf_mig$\KB963027\SP3QFE\wininet.dll
[7] 2004-08-04 12:00 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtUninstallKB834707$\wininet.dll
[7] 2004-09-29 18:47 656896 CBA65B573C66FE23F647FF96E3A10994 c:\windows\$NtUninstallKB883939$\wininet.dll
[7] 2005-07-03 02:11 658432 5B5FF992C0FA762CCF8655FC290E6E52 c:\windows\$NtUninstallKB896688$\wininet.dll
[7] 2005-05-02 20:52 657920 1A078AF3F85D10BA56444C23B3A18E74 c:\windows\$NtUninstallKB896727$\wininet.dll
[7] 2005-09-02 23:52 658432 AF61EBB1F550175EFF406D545D6AB086 c:\windows\$NtUninstallKB905915$\wininet.dll
[7] 2005-10-21 03:39 658432 E7B27B6B6E06CE34EA019FD8B858C613 c:\windows\$NtUninstallKB912812$\wininet.dll
[7] 2006-03-04 03:33 658432 1C0979C7A489BEE573CD0BF4AD94BB06 c:\windows\$NtUninstallKB916281$\wininet.dll
[7] 2006-05-10 05:23 658432 38AB7A56F566D9AAAD31812494944824 c:\windows\$NtUninstallKB918899$\wininet.dll
[7] 2006-06-23 11:02 658944 2B4DB890936430C71419037039502752 c:\windows\$NtUninstallKB931768$\wininet.dll
[7] 2007-02-20 09:48 658944 30D1C47E40EFBB792FF8D3C3B51CE507 c:\windows\$NtUninstallKB933566$\wininet.dll
[7] 2007-04-18 12:31 658944 B7156CD97E739F3014BC4D61758F868A c:\windows\$NtUninstallKB937143$\wininet.dll
[7] 2007-06-26 14:09 658944 184E47C8F7B331025E6DC92740DB188F c:\windows\$NtUninstallKB939653$\wininet.dll
[7] 2007-08-22 13:12 658944 1901AD51DA8BE9F8B38D5D526E5D1788 c:\windows\$NtUninstallKB942615$\wininet.dll
[7] 2007-10-11 06:13 659456 2005AD86A22AEE68E21EE59F9CCB77F2 c:\windows\$NtUninstallKB944533$\wininet.dll
[7] 2007-12-07 01:07 659456 57D1B5150CF6331FAC6B3E04C1FCB966 c:\windows\$NtUninstallKB947864$\wininet.dll
[7] 2008-02-16 08:59 659456 0C690E77C0E924C45B4D7045B182FFF1 c:\windows\$NtUninstallKB950759$\wininet.dll
[7] 2008-04-21 07:04 659456 1EFB8A3EA8454AEC1BB8A240A2845598 c:\windows\$NtUninstallKB953838$\wininet.dll
[7] 2008-06-23 15:38 659456 9EEA04BC4C3FA521D256D89940FAB4DB c:\windows\$NtUninstallKB956390$\wininet.dll
[7] 2008-08-20 05:38 659456 87E694D09893978F22024FEEEDF35342 c:\windows\$NtUninstallKB958215$\wininet.dll
[7] 2008-10-16 10:37 659456 6F1E4BFD78C4E0D05FF3725D59B72925 c:\windows\$NtUninstallKB963027$\wininet.dll
[7] 2009-02-20 08:30 659456 F1DBF177AA0DB2150E626595D0EFF604 c:\windows\ie8\wininet.dll
[-] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\SoftwareDistribution\Download\dd9ab5193 501484cf5e6884fa1d22f9e\wininet.dll
[7] 2009-03-08 09:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\system32\wininet.dll
[7] 2009-03-08 09:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\system32\dllcache\wininet.dll
[7] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2004-08-04 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
[7] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\dd9ab5193 501484cf5e6884fa1d22f9e\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\SoftwareDistribution\Download\dd9ab5193 501484cf5e6884fa1d22f9e\winlogon.exe
[7] 2004-08-04 12:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\winlogon.exe
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\dd9ab5193 501484cf5e6884fa1d22f9e\ndis.sys
[7] 2004-08-04 12:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\drivers\ndis.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\SoftwareDistribution\Download\dd9ab5193 501484cf5e6884fa1d22f9e\ip6fw.sys
[7] 2004-08-04 12:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys
[7] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[7] 2007-02-28 09:15 2059392 4D3DBDCCBF97F5BA1E74F322B155C3BA c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[7] 2009-02-06 09:49 2062976 9D832AF3FD1917DB0E1E8B2F000A2E3A c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2009-02-08 00:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 09:18 2062976 63EC865DFF6CCFC7BEF94B5C50297CAD c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[7] 2008-08-14 20:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2004-08-04 12:00 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[7] 2005-03-02 00:34 2056832 81013F36B21C7F72CF784CC6731E0002 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[7] 2008-08-14 09:22 2057728 BA002228743B6824D87F0551DBC86D45 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2007-02-28 08:38 2057600 515D30E2C90A3665A2739309334C9283 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[7] 2009-02-06 16:49 2057728 3006410E24772CC6953F0B5C01BEB35F c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\SoftwareDistribution\Download\dd9ab5193 501484cf5e6884fa1d22f9e\ntkrnlpa.exe
[7] 2009-02-06 16:49 2057728 3006410E24772CC6953F0B5C01BEB35F c:\windows\system32\ntkrnlpa.exe
[7] 2009-02-06 16:49 2057728 3006410E24772CC6953F0B5C01BEB35F c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[7] 2007-02-28 09:55 2182144 5A5C8DB4AA962C714C8371FBDF189FC9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 10:32 2186112 6A936E9D7BADAF3CAAEED1E1966EC1B0 c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-08 00:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 09:57 2185984 CE69DBD54221F2D40E49FF6DB77C6507 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[7] 2008-08-14 21:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2004-08-04 12:00 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[7] 2005-03-02 00:59 2179328 4D4CF2C14550A4B7718E94A6E581856E c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[7] 2008-08-14 10:00 2180352 21C91DA9CB53AA8A37041BA9684A8458 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2007-02-28 09:10 2180352 582A8DBAA58C3B1F176EB2817DAEE77C c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[7] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\SoftwareDistribution\Download\dd9ab5193 501484cf5e6884fa1d22f9e\ntoskrnl.exe
[7] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB c:\windows\system32\ntoskrnl.exe
[7] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\explorer.exe
[7] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-08-04 12:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\SoftwareDistribution\Download\dd9ab5193 501484cf5e6884fa1d22f9e\explorer.exe
[7] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\system32\dllcache\explorer.exe
[7] 2009-02-06 10:22 110592 4712531AB7A01B7EE059853CA17D39BD c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2004-08-04 12:00 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\SoftwareDistribution\Download\dd9ab5193 501484cf5e6884fa1d22f9e\services.exe
[7] 2009-02-06 17:14 110592 37561F8D4160D62DA86D24AE41FAE8DE c:\windows\system32\services.exe
[7] 2009-02-06 17:14 110592 37561F8D4160D62DA86D24AE41FAE8DE c:\windows\system32\dllcache\services.exe
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\SoftwareDistribution\Download\dd9ab5193 501484cf5e6884fa1d22f9e\lsass.exe
[7] 2004-08-04 12:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\lsass.exe
[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\SoftwareDistribution\Download\dd9ab5193 501484cf5e6884fa1d22f9e\ctfmon.exe
[7] 2004-08-04 12:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\ctfmon.exe
[7] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[7] 2004-08-04 12:00 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\SoftwareDistribution\Download\dd9ab5193 501484cf5e6884fa1d22f9e\spoolsv.exe
[7] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\system32\spoolsv.exe
[-] 2008-04-14 00:12 111104 ED7262E52C31CF1625B65039102BC16C c:\windows\SoftwareDistribution\Download\dd9ab5193 501484cf5e6884fa1d22f9e\wuauclt.exe
[7] 2008-10-16 20:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\wuauclt.exe
[7] 2008-10-16 20:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\wuauclt.exe
[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\SoftwareDistribution\Download\dd9ab5193 501484cf5e6884fa1d22f9e\userinit.exe
[7] 2004-08-04 12:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\userinit.exe
[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\SoftwareDistribution\Download\dd9ab5193 501484cf5e6884fa1d22f9e\termsrv.dll
[7] 2004-08-04 12:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\system32\termsrv.dll
[7] 2006-07-05 10:57 985088 0FDD84928A5DDE2510761B7EC76CCEC9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[7] 2007-04-16 16:07 986112 09F7CB3687F86EDAA4CA081F7AB66C03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[7] 2009-03-21 13:54 989184 80202858D245FF07DAA1739C57A3E19B c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[7] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2004-08-04 12:00 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB917422$\kernel32.dll
[7] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows\$NtUninstallKB935839$\kernel32.dll
[7] 2007-04-16 15:52 984576 A01F9CA902A88F7CED06884174D6419D c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\SoftwareDistribution\Download\dd9ab5193 501484cf5e6884fa1d22f9e\kernel32.dll
[7] 2009-03-21 14:18 986112 B6ACAED7588295129791E0E6A2B0FADE c:\windows\system32\kernel32.dll
[7] 2009-03-21 14:18 986112 B6ACAED7588295129791E0E6A2B0FADE c:\windows\system32\dllcache\kernel32.dll
[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\SoftwareDistribution\Download\dd9ab5193 501484cf5e6884fa1d22f9e\powrprof.dll
[7] 2004-08-04 12:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\powrprof.dll
[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\SoftwareDistribution\Download\dd9ab5193 501484cf5e6884fa1d22f9e\imm32.dll
[7] 2004-08-04 12:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\imm32.dll
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\SoftwareDistribution\Download\dd9ab5193 501484cf5e6884fa1d22f9e\sfcfiles.dll
[7] 2004-08-04 12:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\sfcfiles.dll

[-] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\SoftwareDistribution\Download\dd9ab5193 501484cf5e6884fa1d22f9e\kbdclass.sys
[7] 2004-08-04 12:00 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2004-12-15 368640]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-09-06 184320]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-09-15 135168]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2004-11-13 73728]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 1077301]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-03-23 58992]
"Pinger"="c:\toshiba\IVP\ISM\pinger.exe" [2005-03-17 151552]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-07-13 100056]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-04-06 6345840]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\I SUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-01-14 122939]
"Notebook Maximizer"="c:\program files\Notebook Maximizer\maximizer_startup.exe" [2004-05-25 28672]
"WebrootDesktopFirewall"="c:\program files\Webroot\Desktop Firewall\webrootdesktopfirewall.exe" [2005-05-23 1920000]
"UMonit"="c:\windows\system32\umonit.exe" [2006-07-26 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-14 148888]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"NDSTray.exe"="NDSTray.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2004-10-28 88363]
"TFncKy"="TFncKy.exe" [BU]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2004-08-27 278528]
"CFSServ.exe"="CFSServ.exe" [BU]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Monitor.lnk - c:\program files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2008-6-21 114688]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2004-12-7 155648]
[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 18:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WRConsumerService]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=
"c:\\Program Files\\OpenCase\\OpenCASE Media Agent\\PandoBinaries\\NBCPandoREST.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"56231:TCP"= 56231:TCP:PandoRest Listening Port
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs 0bbc.sys [4/2/2009 2:30 PM 29808]
R1 pwipf2;pwipf2;c:\windows\system32\drivers\pwipf2.s ys [8/10/2005 2:21 PM 24576]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [3/23/2009 2:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 72944]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [8/29/2008 6:29 PM 835208]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [4/21/2009 11:36 AM 1181040]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 7408]
R3 WebrootDesktopFirewallDataService;Webroot Desktop Firewall Data Service;c:\program files\Webroot\Desktop Firewall\WDFDataService.exe [8/10/2005 2:21 PM 665600]
R3 WebrootFirewall;Webroot Desktop Firewall;c:\program files\Webroot\Desktop Firewall\FirewallNTService.exe [8/10/2005 2:21 PM 192512]
S3 fixustor;fixustor;c:\windows\system32\drivers\fixu stor.sys [6/21/2008 9:33 AM 6016]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSe tup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
2009-06-20 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Patrick.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-08-18 19:20]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Sonic RecordNow! - (no file)
HKU-Default-Run-jiziyonube - c:\windows\system32\lowiniwo.dll
SafeBoot-svcWRSSSDK

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/games/zylom/zylomplayer.cab
.
************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-06-28 22:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\umonit.exe?USB\Vid_0d7d&????\? ??@???????????@???????B\RO????8??????????????????? ????????h?????A~?????????????b@?????????????????<$?|?????$?|??B~??@???E~????????????????????@?????? ?????????t??????????????|X$?|?????$?|Q$?|??????????????@
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(816)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
- - - - - - - > 'explorer.exe'(4072)
c:\windows\system32\SynTPFcs.dll
c:\windows\system32\browselc.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Norton AntiVirus\IWP\NPFMNTOR.EXE
c:\program files\Intel\Wireless\Bin\OProtSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\TPSBattM.exe
c:\program files\iPod\bin\iPodService.exe
.
************************************************** ************************
.
Completion time: 2009-06-29 23:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-29 04:12
Pre-Run: 65,826,623,488 bytes free
Post-Run: 72,956,346,368 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Home Edition" /noexecute=optin /fastdetect
408 --- E O F --- 2009-04-17 11:42

Thanks pwo. I will look this over and get back you asap with a fix. As for a preventative program that requires a bit of explanation.

Malwarebytes:

Download From Here: http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

This is pretty much a malware remover's "bread and butter". Its scanning engine is such that it targets all the types of nasties I have noted above. One drawback is it does not have a realtime protection component with the free version. But, nonetheless is a VERY powerful program.

AVG 8:

Download from here: http://www.download.com/AVG-Anti-Virus/3000-2239_4-10385707.html?tag=mncol

This is an amazing Anti Virus program. It picks up almost all infections that are out there today, provided you have updated definitions. One advantage to this program that the others do not have is a realtime firewall. It runs in the background preventing you from getting infected in the first place.

Ad-Aware:

Download from here: http://www.download.com/Ad-Aware-Anniversary-Edition/3000-8022_4-10045910.html?tag=mncol

This is a must for any computer in my opinion. It targets a specific type of virus called Adware. These nasty infections can be used to steal your information, redirect your browser, and install things on your computer, among other things. Usually, infections of this type launch ads all over making browsing extremely difficult. Like the above program it should be set to run weekly and updated often.

Spybot S&D:

Download from here: http://www.download.com/Spybot-Search-amp-Destroy/3000-8022_4-10122137.html?tag=mncol

Again, another amazing program. This program targets a specific type of virus called Spyware but I've seen it pick up all sorts of nasties. Like AVG it has the added advantage of a realtime protection firewall. One disadvantage to this program i've found is it takes up a lot of system resources and can slow your computer if the realtime firewall is enabled. You can easily fix this by disabling it however.

Online Scanners:

I have found also there are several online scanners which pick up infections none of these programs pick up on.

http://www.pandasecurity.com/homeusers/solutions/activescan/

and

http://www.virustotal.com/

VirusTotal allows you to upload a file you expect is infected and it will show you the results.

Firewalls:

Another major component to any protection schema that most people overlook is a Firewall. You can't do anything proactively with a firewall per se. But, having one running will allow you to control all inbound and outbound traffic. So, you can effectively police anything coming in to your computer, while policing how your computer "talks to" the outside world.

For some more information you may wish to peruse our Firewalls FAQ written by Senior PC Security Analyst Chiaz

Some Freeware options for firewall protection include:

Zone Alarm's Free Firewall:
http://www.zonealarm.com/security/en...e-firewall.htm

Outpost's Firewall Free:
Outpost Firewall FREE

These aren't the only options you have. You may wish to review our Downloads section for some more choices. Additionally, we have a PCHF Recommended set of software which has a tried and tested record of working.

One added advantage to ALL these programs is they're all free! In my humble opinion a subscription to anti-virus is going out the window and will soon be phased out by these freeware applications. However, there are indeed proprietary versions of software mentioned above out there inn addition to the "Big Three" Norton, Macafee, and Kaspersky

As I said above, I have yet to get really virused in 2 years. I run a few more programs than this but this is really all you need. I'm a little paranoid

One other utility I have found to be very useful is GRC's Shields Up!. If you navigate to the following link:https://www.grc.com/x/ne.dll?bh0bkyd2

You can perform several different tests to determine the stealthiness of your computer on the internet, vulnerability of open ports, among many other things.

It will allow you to correct any issues it finds, and make your computer more secure.

Lastly, I've found the browser which comes with Windows (Internet Explorer) is very vulnerable to being hacked and there are holes hackers can use to infect you.

If you aren't already I strongly urge you to download Firefox 3 from this link: http://www.mozilla.com/en-US/firefox/

In my opinion is the safest, most secure browser out right now. It still takes you to the same internet, like I said, just with added security.

It will allow you to import anything like bookmarks, passwords, saved sites, etc. when you install so you won't lose anything from Internet Explorer.

It also has a user friendly interface for clearing your Private Data (saved passwords, cookies, things you enter into search bars, websites you've visited) which can be used by hackers or viruses to redirect your browser to sites which look legitimate, however, are sites which steal personal information. Based on what you search for hackers will put something you are likely to trust.

If you would like some more in depth help customizing Firefox to be the most secure it can be let me know and I'd be glad to help.

Finally, one last piece of advice, watch where you go on the internet. It's as simple as that. Running these programs will be a great help in safeguarding you from the whackos out there who try and do this nasty stuff to us.

I am confident that if you follow these measures you will never have a major infection again

Thanks for all of the information. I will definitely incorporate your suggestions. I look forward to hearing your assessment of the ComboFix log.

pwo,

Please visit Virustotal

• Click the Browse.. button
• Navigate to the filec:\windows\system32\wdf_dxs.dat
• Click the Open button
• Click the Send button
• Copy and paste the results into a new reply in this thread please
• If VirusTotal is busy please use Jotti

==========================================

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Refering to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt, and the VirusTotal URL's along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.Altering this script in any way could damage your computer*

Here are the results:

VirusTotal link: http://www.virustotal.com/analisis/ae480ba95a3f3f9fa5c9b4c20ce71207707c1357f6c97e513c 0422381afe29bd-1246409117


ComboFix 09-06-29.07 - Mellisa 06/30/2009 20:07.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.231 [GMT -5:00]
Running from: c:\documents and settings\Mellisa\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mellisa\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton AntiVirus 2005 *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Webroot Desktop Firewall *disabled* {BB4D4DA2-E5DD-478B-94E2-2BBC705E48F3}
FILE ::
"c:\windows\system32\likebowa.exe"
"c:\windows\system32\yaromido.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\likebowa.exe
c:\windows\system32\yaromido.exe
.
((((((((((((((((((((((((( Files Created from 2009-06-01 to 2009-07-01 )))))))))))))))))))))))))))))))
.
2009-06-30 03:17 . 2009-06-14 21:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-30 03:11 . 2009-06-30 03:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-30 03:11 . 2009-06-30 03:11 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-30 03:11 . 2009-06-30 03:11 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-30 03:11 . 2009-06-30 03:11 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-30 03:11 . 2009-06-30 14:39 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-30 03:11 . 2009-06-30 03:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-30 03:10 . 2009-06-30 03:10 -------- d-----w- c:\program files\AVG
2009-06-30 03:10 . 2009-06-30 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-29 04:38 . 2009-06-29 04:38 -------- d-----w- c:\windows\ie8updates
2009-06-29 04:14 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-29 04:14 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-29 04:14 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-29 04:14 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-29 01:54 . 2009-07-01 00:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-28 23:47 . 2009-06-28 23:47 -------- d-----w- c:\documents and settings\Mellisa\Application Data\Malwarebytes
2009-06-28 23:47 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-28 23:47 . 2009-06-28 23:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-28 23:47 . 2009-06-28 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-28 23:47 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-28 19:21 . 2009-06-28 19:21 -------- d-sh--w- c:\documents and settings\Patrick\PrivacIE
2009-06-27 16:03 . 2009-06-27 16:03 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-27 16:03 . 2008-12-10 17:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-27 16:03 . 2009-06-27 16:03 -------- d-----w- c:\documents and settings\Mellisa\Application Data\PC Tools
2009-06-27 16:03 . 2009-06-27 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-06-27 16:02 . 2009-06-27 16:03 -------- d-----w- c:\program files\Spyware Doctor
2009-06-27 02:41 . 2009-06-27 02:41 -------- d-sh--w- c:\documents and settings\Patrick\IETldCache
2009-06-25 03:08 . 2009-06-25 03:08 -------- d-sh--w- c:\documents and settings\Mellisa\IECompatCache
2009-06-18 00:51 . 2009-06-18 00:51 -------- d-sh--w- c:\documents and settings\Mellisa\PrivacIE
2009-06-18 00:47 . 2009-06-18 00:47 -------- d-sh--w- c:\documents and settings\Mellisa\IETldCache
2009-06-18 00:46 . 2009-06-18 00:46 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCach e
2009-06-18 00:39 . 2009-06-18 00:41 -------- dc-h--w- c:\windows\ie8
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-07-01 00:19 . 2009-04-22 23:47 117760 ----a-w- c:\documents and settings\Mellisa\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\ UIREPAIR.DLL
2009-07-01 00:12 . 2005-08-10 19:22 9611 ----a-w- c:\windows\system32\wdf_dxs.dat
2009-06-30 23:45 . 2004-11-16 05:07 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-29 04:41 . 2008-12-15 15:08 72704 --sha-w- c:\documents and settings\All Users\Application Data\ExtendMedia\Media Agent\ac.dll
2009-06-28 23:40 . 2008-08-31 02:18 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2009-05-15 11:43 . 2008-08-19 23:41 -------- d-----w- c:\program files\Common
2009-05-14 01:42 . 2009-05-14 01:42 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-14 01:42 . 2004-11-16 05:04 -------- d-----w- c:\program files\Java
2009-05-14 01:40 . 2009-05-14 01:40 152576 ----a-w- c:\documents and settings\Mellisa\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-13 05:15 . 2004-11-15 23:32 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:44 . 2004-11-15 23:32 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 09:58 . 2004-11-15 23:32 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-11-15 23:32 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-06 18:32 . 2005-08-10 19:21 1563008 ----a-w- c:\windows\WRSetup.dll
2009-04-02 19:30 . 2009-04-02 19:30 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-04-02 19:30 . 2009-04-02 19:30 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-04-02 19:30 . 2009-04-02 19:30 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2006-03-15 22:31 . 2005-07-28 14:43 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-29_03.50.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-02 05:46 . 2006-12-02 05:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3 b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3 b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3 b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3 b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3 b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3 b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3 b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3 b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3 b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3 b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 05:26 . 2006-12-02 05:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a 1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 05:25 . 2006-12-02 05:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a 1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 03:56 . 2006-12-02 03:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a 1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2009-07-01 00:15 . 2009-07-01 00:15 16384 c:\windows\Temp\Perflib_Perfdata_81c.dat
+ 2004-11-15 23:32 . 2009-04-30 21:22 25600 c:\windows\system32\jsproxy.dll
- 2004-11-15 23:32 . 2009-03-08 09:33 25600 c:\windows\system32\jsproxy.dll
+ 2006-05-10 05:22 . 2009-04-30 21:22 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2006-05-10 05:22 . 2009-03-08 09:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-11-16 02:30 . 2009-06-29 04:40 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-11-16 02:30 . 2009-06-29 02:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-11-16 02:30 . 2009-06-29 04:40 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-11-16 02:30 . 2009-06-29 02:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-11-16 02:30 . 2009-06-29 02:01 32768 c:\windows\system32\config\systemprofile\Cookies\i ndex.dat
+ 2004-11-16 02:30 . 2009-06-29 04:40 32768 c:\windows\system32\config\systemprofile\Cookies\i ndex.dat
+ 2009-06-29 04:38 . 2009-03-08 09:33 12288 c:\windows\ie8updates\KB969897-IE8\xpshims.dll
+ 2009-06-29 04:38 . 2009-03-08 09:33 25600 c:\windows\ie8updates\KB969897-IE8\jsproxy.dll
+ 2005-05-17 00:25 . 2009-04-15 09:24 351744 c:\windows\system32\xpsp3res.dll
- 2005-05-17 00:25 . 2009-02-19 09:47 351744 c:\windows\system32\xpsp3res.dll
+ 2004-11-15 23:32 . 2009-04-30 21:22 385536 c:\windows\system32\iedkcs32.dll
+ 2004-11-15 23:32 . 2009-04-30 11:21 173056 c:\windows\system32\ie4uinit.exe
- 2004-11-15 23:32 . 2009-03-08 09:32 173056 c:\windows\system32\ie4uinit.exe
+ 2004-11-15 18:17 . 2009-06-29 04:40 350584 c:\windows\system32\FNTCACHE.DAT
- 2004-11-15 18:17 . 2009-03-12 12:31 350584 c:\windows\system32\FNTCACHE.DAT
+ 2006-05-10 05:23 . 2009-05-13 05:15 915456 c:\windows\system32\dllcache\wininet.dll
+ 2007-11-24 14:00 . 2009-04-15 15:11 584192 c:\windows\system32\dllcache\rpcrt4.dll
- 2007-11-24 14:00 . 2007-07-09 13:09 584192 c:\windows\system32\dllcache\rpcrt4.dll
+ 2009-05-07 15:44 . 2009-05-07 15:44 344064 c:\windows\system32\dllcache\localspl.dll
+ 2009-03-08 19:09 . 2009-04-30 21:22 385536 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 09:32 . 2009-03-08 09:32 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-08 09:32 . 2009-04-30 11:21 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-06-18 00:46 . 2009-06-29 01:52 245760 c:\windows\system32\config\systemprofile\IETldCach e\index.dat
+ 2009-06-18 00:46 . 2009-06-29 04:40 245760 c:\windows\system32\config\systemprofile\IETldCach e\index.dat
+ 2009-06-29 04:38 . 2009-03-08 09:34 914944 c:\windows\ie8updates\KB969897-IE8\wininet.dll
+ 2009-06-29 04:38 . 2008-07-09 07:38 382840 c:\windows\ie8updates\KB969897-IE8\spuninst\updspapi.dll
+ 2009-06-29 04:38 . 2007-11-30 12:39 231288 c:\windows\ie8updates\KB969897-IE8\spuninst\spuninst.exe
+ 2009-06-29 04:38 . 2009-03-08 09:33 246784 c:\windows\ie8updates\KB969897-IE8\ieproxy.dll
+ 2009-06-29 04:38 . 2009-03-08 19:09 391536 c:\windows\ie8updates\KB969897-IE8\iedkcs32.dll
+ 2009-06-29 04:38 . 2009-03-08 09:32 173056 c:\windows\ie8updates\KB969897-IE8\ie4uinit.exe
+ 2006-12-02 05:25 . 2006-12-02 05:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a 1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 05:25 . 2006-12-02 05:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a 1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2004-11-15 23:32 . 2009-04-30 21:22 1207808 c:\windows\system32\urlmon.dll
+ 2004-11-15 23:32 . 2009-05-13 05:15 5936128 c:\windows\system32\mshtml.dll
- 2009-03-08 09:32 . 2009-03-08 09:32 1985024 c:\windows\system32\iertutil.dll
+ 2009-03-08 09:32 . 2009-04-30 21:22 1985024 c:\windows\system32\iertutil.dll
+ 2007-03-08 13:47 . 2009-04-17 09:58 1846656 c:\windows\system32\dllcache\win32k.sys
+ 2006-05-10 05:23 . 2009-04-30 21:22 1207808 c:\windows\system32\dllcache\urlmon.dll
+ 2006-05-19 15:08 . 2009-05-13 05:15 5936128 c:\windows\system32\dllcache\mshtml.dll
+ 2009-06-29 04:38 . 2009-03-08 09:34 1206784 c:\windows\ie8updates\KB969897-IE8\urlmon.dll
+ 2009-06-29 04:38 . 2009-03-08 09:41 5937152 c:\windows\ie8updates\KB969897-IE8\mshtml.dll
+ 2009-06-29 04:38 . 2009-03-08 09:32 1985024 c:\windows\ie8updates\KB969897-IE8\iertutil.dll
+ 2009-03-08 09:39 . 2009-04-30 21:22 11064832 c:\windows\system32\ieframe.dll
+ 2009-06-29 04:38 . 2009-03-08 09:39 11063808 c:\windows\ie8updates\KB969897-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 21:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2004-12-15 368640]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-09-06 184320]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-09-15 135168]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2004-11-13 73728]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 1077301]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-03-23 58992]
"Pinger"="c:\toshiba\IVP\ISM\pinger.exe" [2005-03-17 151552]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-07-13 100056]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-04-06 6345840]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\I SUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-01-14 122939]
"Notebook Maximizer"="c:\program files\Notebook Maximizer\maximizer_startup.exe" [2004-05-25 28672]
"WebrootDesktopFirewall"="c:\program files\Webroot\Desktop Firewall\webrootdesktopfirewall.exe" [2005-05-23 1920000]
"UMonit"="c:\windows\system32\umonit.exe" [2006-07-26 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-14 148888]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-30 1948440]
"NDSTray.exe"="NDSTray.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2004-10-28 88363]
"TFncKy"="TFncKy.exe" [BU]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2004-08-27 278528]
"CFSServ.exe"="CFSServ.exe" [BU]
c:\documents and settings\Patrick\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Monitor.lnk - c:\program files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2008-6-21 114688]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2004-12-7 155648]
[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 18:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-30 03:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WRConsumerService]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=
"c:\\Program Files\\OpenCase\\OpenCASE Media Agent\\PandoBinaries\\NBCPandoREST.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"56231:TCP"= 56231:TCP:PandoRest Listening Port
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs 0bbc.sys [4/2/2009 2:30 PM 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/29/2009 10:11 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/29/2009 10:11 PM 108552]
R1 pwipf2;pwipf2;c:\windows\system32\drivers\pwipf2.s ys [8/10/2005 2:21 PM 24576]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [3/23/2009 2:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 72944]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/29/2009 10:11 PM 298776]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 7408]
S2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [8/29/2008 6:29 PM 835208]
S3 fixustor;fixustor;c:\windows\system32\drivers\fixu stor.sys [6/21/2008 9:33 AM 6016]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSe tup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
2009-06-20 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Patrick.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-08-18 19:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/games/zylom/zylomplayer.cab
.
************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-06-30 20:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\umonit.exe?USB\Vid_0d7d&????\? ??@???????????@???????B\RO????8??????????????????? ????????h?????A~?????????????b@?????????????????<$?|?????$?|??B~??@???E~????????????????????@?????? ?????????t??????????????|X$?|?????$?|Q$?|??????????????@
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(820)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2009-07-01 20:22
ComboFix-quarantined-files.txt 2009-07-01 01:21
ComboFix2.txt 2009-06-29 04:12
Pre-Run: 72,791,863,296 bytes free
Post-Run: 72,944,091,136 bytes free
277 --- E O F --- 2009-06-29 04:38



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:38 PM, on 6/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Desktop Firewall\webrootdesktopfirewall.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\umonit.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Desktop Firewall\WDFDataService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Webroot\Desktop Firewall\FirewallNTService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Personalized Start Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: LNHelper.BarHelper - {05A34600-8920-479b-92A9-68FACF7BB8FA} - mscoree.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {86BE1CDA-4F72-4c2f-9526-8E6A22DF46ED} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [WebrootDesktopFirewall] C:\Program Files\Webroot\Desktop Firewall\webrootdesktopfirewall.exe -t
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/downlo...BundleId=29223
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse.com/games/zylom/zylomplayer.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Webroot Desktop Firewall Data Service (WebrootDesktopFirewallDataService) - Webroot Software, Inc. - C:\Program Files\Webroot\Desktop Firewall\WDFDataService.exe
O23 - Service: Webroot Desktop Firewall (WebrootFirewall) - Unknown owner - C:\Program Files\Webroot\Desktop Firewall\FirewallNTService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
--
End of file - 14574 bytes

PWO,

It looks like we're almost done here. Let's just run an online scanner to make sure everything is gone.

Please go HERE to run Panda ActiveScan 2.0

• Click the big green Scan now button
• If it wants to install an ActiveX component allow it
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
• Once the scan is completed, please hit the notepad icon next to the text Export to:
• Save it to a convenient location such as your Desktop
• Post the contents of the ActiveScan.txt in your next reply

============================================

Additionally, I see that you have Two Anti-Virus programs installed.

Norton
AVG

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please Uninstall all but one of them using Control Panel, Add/Remove Programs.

If you remove Norton from Add/Remove Programs please follow up with running the Norton Removal Tool found here:

Download and run the Norton Removal Tool