
Infected with several malware programs. Please help!



My notebook has been infected with several programs I can't seem to remove. I have run a mbam scan several times and it detects the programs and states that they have been removed, only to show up after the next start up. One of the programs seems to have disabled the regedit function. I believe I am running the current version as I have updated it from another computer and transferred it via flash drive, but I'm not terribly tech savvy so I could have done the process incorrectly. The programs I'm dealing with are xp antivirus pro 2010 which I believe has been removed, DR Guard, Antimalware doctor and antimalware defender. Please advise as to what info I need to gather to proceed.


Hi mcpilot1642 and welcome to Malwarebytes!

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

On the infected PC try this please:

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 6 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Admin.

You only need to get one of them to run, not all of them.

  1. rkill.exe
  2. rkill.com
  3. rkill.scr
  4. rkill.pif
  5. WiNlOgOn.exe
  6. uSeRiNiT.exe

Once you've gotten one of them to run then try to immediately run the following:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to Always ask me where to Save the files.
  2. During the download, rename Combofix to Combo-Fix as follows:
     (screenshots: CF_download_FF.gif, CF_download_rename.gif)
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Hi and thanks for the help. I tried to run combo fix and received a message "this machine does not have Microsoft recovery console installed. Click yes to have combo fix install it."

Shall I?


Here's the Combo-Fix log:

ComboFix 10-03-26.02 - Keiths 03/27/2010 14:38:43.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1581 [GMT -7:00]

Running from: c:\documents and settings\Keiths\Desktop\Combo-Fix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\c.cgm

c:\documents and settings\All Users\Favorites\_favdata.dat

c:\documents and settings\Keiths\agrsmmsg .exe

c:\documents and settings\Keiths\alcmtr .exe

c:\documents and settings\Keiths\alcmtr.exe

c:\documents and settings\Keiths\Application Data\SystemProc

c:\documents and settings\Keiths\Local Settings\Application Data\av.exe

c:\documents and settings\Keiths\Local Settings\Temporary Internet Files\A66Od.jpg

c:\documents and settings\Keiths\Local Settings\Temporary Internet Files\DD0806.jpg

c:\documents and settings\Keiths\Local Settings\Temporary Internet Files\jg35hd67.jpg

c:\documents and settings\Keiths\Local Settings\Temporary Internet Files\jWc6GCYm.jpg

c:\documents and settings\Keiths\My Documents\rundll32.exe

c:\documents and settings\Keiths\rthdcpl .exe

c:\documents and settings\Keiths\rthdcpl.exe

c:\documents and settings\Keiths\rundll32 .exe

c:\documents and settings\Keiths\rundll32.exe

c:\documents and settings\Keiths\tpsmain .exe

c:\documents and settings\Lisa\alcmtr.exe

c:\documents and settings\Lisa\rthdcpl.exe

c:\program files\Adobe\1145234.old

c:\program files\Adobe\364078.old

c:\program files\Adobe\76363625.old

c:\program files\Adobe\acrotray .exe

c:\program files\Internet Explorer\js.mui

c:\program files\Internet Explorer\wmpscfgs.exe

c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}

c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest

c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul

c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf

c:\recycler\S-1-5-21-4028359202-722901303-932418291-500

c:\windows\Install.txt

c:\windows\system32\agrsmmsg .exe

c:\windows\system32\alcmtr .exe

c:\windows\system32\app_dll.dll

c:\windows\system32\config\systemprofile\Local Settings\Application Data\av.exe

c:\windows\system32\config\systemprofile\Local Settings\Application Data\MSASCui.exe

c:\windows\system32\ctfmon .exe

c:\windows\system32\drivers\cuybfhn.sys

c:\windows\system32\hkcmd .exe

c:\windows\system32\igfxpers .exe

c:\windows\system32\igfxtray .exe

c:\windows\system32\Install.txt

c:\windows\system32\rthdcpl .exe

c:\windows\system32\rthdcpl.exe

c:\windows\system32\rundll32 .exe

c:\windows\system32\tpsmain .exe

c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

c:\windows\v0470mon .exe

C:\xcrashdump.dat

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected

Restored copy from - Kitty ate it :)

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_6TO4

-------\Legacy_AFINDING

-------\Legacy_IAS

-------\Legacy_MACIDWE

-------\Legacy_NOBICYT

-------\Legacy_NOXTCYR

-------\Legacy_PERFS

-------\Legacy_ROUTING

-------\Legacy_ROXTCTM

-------\Legacy_SOBICYT

-------\Legacy_SOTPECA

-------\Legacy_TDSSSERV.SYS

-------\Legacy_TDXDOWKC

-------\Legacy_WSERVING

-------\Service_6to4

-------\Service_Ias

-------\Legacy_cuybfhn

-------\Service_cuybfhn

((((((((((((((((((((((((( Files Created from 2010-02-27 to 2010-03-27 )))))))))))))))))))))))))))))))

.

2010-03-27 15:28 . 2006-09-19 16:26 72192 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\TASKLIST.EXE

2010-03-27 15:28 . 2006-09-19 16:26 72192 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\TASKKILL.EXE

2010-03-27 15:28 . 2006-09-19 16:26 40960 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\appstop.exe

2010-03-27 15:28 . 2006-09-19 16:26 325 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\stopApp.bat

2010-03-27 15:28 . 2006-09-19 16:26 1824884 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\master.exe

2010-03-27 15:28 . 2006-09-19 16:26 180224 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\U3AppWrapper.exe

2010-03-27 15:28 . 2006-09-19 16:26 15 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\run_me.bat

2010-03-26 06:13 . 2010-03-26 06:13 4 ----a-w- c:\program files\3696421.dat

2010-03-26 05:11 . 2010-03-26 05:11 4 ----a-w- c:\program files\4367265.dat

2010-03-19 02:06 . 2010-03-19 02:06 43008 ----a-w- c:\documents and settings\Lisa\agrsmmsg.exe

2010-03-19 02:06 . 2010-03-19 02:06 43008 ----a-w- c:\documents and settings\Lisa\tpsmain.exe

2010-03-17 03:57 . 2010-03-17 03:57 -------- d-----w- c:\program files\CCleaner

2010-03-15 08:50 . 2010-03-15 08:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

2010-03-14 23:07 . 2010-03-14 23:07 -------- d-----w- c:\documents and settings\Keiths\Application Data\AVG8

2010-03-14 21:09 . 2010-03-27 21:35 -------- d-----w- c:\program files\Windows Defender

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2139046.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2118015.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117906.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117812.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117703.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117609.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117500.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117296.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117203.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117093.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2116703.dat

2010-03-14 16:26 . 2010-03-14 16:26 4 ----a-w- c:\program files\4829375.dat

2010-03-13 23:53 . 2010-03-13 23:53 4 ----a-w- c:\program files\5974265.dat

2010-03-13 23:53 . 2010-03-13 23:53 4 ----a-w- c:\program files\5974046.dat

2010-03-13 23:53 . 2010-03-13 23:53 4 ----a-w- c:\program files\5973437.dat

2010-03-13 23:53 . 2010-03-13 23:53 4 ----a-w- c:\program files\5972984.dat

2010-03-13 00:35 . 2010-03-13 00:36 -------- d-----w- c:\documents and settings\Keith\Application Data\Malwarebytes

2010-03-13 00:28 . 2006-07-19 23:49 3774 ----a-r- c:\documents and settings\Keith\Application Data\Microsoft\Installer\{F21B28BF-8A4D-4F1A-A61B-69DD5B4A9BBA}\_644366bb.exe

2010-03-13 00:28 . 2006-09-29 07:19 35072 ----a-w- c:\documents and settings\Keith\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-13 00:28 . 2006-07-19 23:49 136 ----a-w- c:\documents and settings\Keith\Local Settings\Application Data\fusioncache.dat

2010-03-12 20:43 . 2010-03-12 20:43 4 ----a-w- c:\program files\4949765.dat

2010-03-12 18:35 . 2010-03-12 18:35 4 ----a-w- c:\program files\2564218.dat

2010-03-06 22:56 . 2010-03-06 22:56 -------- d-----w- c:\documents and settings\Lisa\Application Data\Malwarebytes

2010-03-06 09:33 . 2010-03-06 09:33 4 ----a-w- c:\program files\2065812.dat

2010-03-06 08:59 . 2010-03-06 08:59 4 ----a-w- c:\program files\3514593.dat

2010-03-06 03:04 . 2010-03-27 21:35 43008 ----a-w- c:\windows\system32\igfxtray.exe

2010-03-05 22:21 . 2010-03-05 22:21 696832 ----a-w- c:\windows\is-MP6M1.exe

2010-03-05 22:04 . 2010-03-05 22:04 -------- d-sh--w- c:\documents and settings\NetworkService\UserData

2010-03-05 18:32 . 2010-03-27 21:16 43008 ----a-w- c:\documents and settings\Keiths\agrsmmsg.exe

2010-03-05 18:32 . 2010-03-27 21:15 43008 ----a-w- c:\documents and settings\Keiths\tpsmain.exe

2010-03-05 17:32 . 2010-03-27 21:35 43008 ----a-w- c:\windows\system32\agrsmmsg.exe

2010-03-05 17:32 . 2010-03-27 21:35 43008 ----a-w- c:\windows\system32\alcmtr.exe

1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\program files\184234.dat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-27 21:35 . 2009-04-17 22:35 43008 ----a-w- c:\windows\v0470mon .exe

2010-03-27 21:35 . 2006-07-20 03:57 43008 ----a-w- c:\windows\system32\hkcmd .exe

2010-03-27 21:35 . 2006-07-20 03:57 43008 ----a-w- c:\windows\system32\igfxpers .exe

2010-03-27 21:35 . 2010-03-06 03:04 43008 ----a-w- c:\windows\system32\igfxtray .exe

2010-03-27 21:35 . 2006-07-20 00:27 43008 ----a-w- c:\windows\system32\tpsmain.exe

2010-03-27 21:16 . 2010-03-05 18:32 43008 ----a-w- c:\documents and settings\Keiths\agrsmmsg .exe

2010-03-27 21:15 . 2010-03-05 18:32 43008 ----a-w- c:\documents and settings\Keiths\tpsmain .exe

2010-03-26 18:32 . 2009-01-17 20:27 -------- d-----w- c:\program files\fixer #2

2010-03-17 05:57 . 2006-07-20 02:50 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-03-17 05:14 . 2006-07-20 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-03-17 05:14 . 2006-07-20 01:54 -------- d-----w- c:\program files\McAfee

2010-03-16 07:06 . 2004-08-03 22:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys

2010-03-14 23:04 . 2009-01-19 06:00 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-03-14 23:02 . 2009-10-04 02:55 117760 ----a-w- c:\documents and settings\Keiths\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-03-13 03:27 . 2009-01-18 03:24 1100 ----a-w- c:\windows\system32\d3d8caps.dat

2010-03-06 03:12 . 2009-01-18 04:56 -------- d-----w- c:\program files\testy

2010-03-05 21:42 . 2007-01-29 04:50 -------- d-----w- c:\documents and settings\Keiths\Application Data\U3

2010-03-05 17:31 . 2010-03-05 17:30 933888 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

2010-03-01 19:49 . 2009-07-18 09:52 256 ----a-w- c:\windows\system32\pool.bin

2010-01-08 00:07 . 2009-01-18 04:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-08 00:07 . 2009-01-18 04:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-05 10:00 . 2006-07-19 00:48 832512 ----a-w- c:\windows\system32\wininet.dll

2010-01-05 10:00 . 2006-07-19 00:47 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-01-05 10:00 . 2006-07-19 00:46 17408 ----a-w- c:\windows\system32\corpol.dll

2009-12-31 16:50 . 2006-07-19 00:47 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-10-30 17:17 . 2009-10-30 17:17 0 ----a-w- c:\program files\FlickrUploadr-3.2.1-2009.06.02.01-en.exe

2009-10-18 01:36 . 2009-10-18 01:36 5521440 ----a-w- c:\program files\scam.exe

2009-09-20 01:02 . 2009-09-20 01:02 1084920 ----a-w- c:\program files\yahoomailuploader_0.5.exe

2007-12-24 17:19 . 2007-12-24 17:19 6856007 ----a-w- c:\program files\pmconverter.exe

1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\program files\328718.dat

.

<pre>
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Intel\Wireless\Bin\ifrmewrk .exe
c:\program files\Intel\Wireless\Bin\zcfgsvc .exe
c:\program files\Java\jre1.5.0_06\bin\jusched .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\Protector Suite QL\launcher .exe
c:\program files\QuickTime\qttask .exe
c:\program files\testy\mbam .exe
c:\program files\TOSHIBA\TOSCDSPD\toscdspd .exe
c:\program files\TOSHIBA\Tvs\tvstray .exe
c:\program files\Windows Defender\msascui .exe
c:\windows\v0470mon .exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxpers .exe
c:\windows\system32\igfxtray .exe
c:\windows\system32\rundll32 .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2010-03-27 43008]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-27 43008]

"Remote System Protection"="c:\windows\system32\mi097srwq.dll" [N/A]

"dbf70700.exe"="c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700.exe" [2010-03-27 43008]

"a0ab019a-bf96-4236-a06d-3379b377cb79_24"="c:\documents and settings\Keiths\Application Data\a0ab019a-bf96-4236-a06d-3379b377cb79_24.avi" [2010-03-05 958976]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-27 43008]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\quicktime\qttask .exe -atboottime" [X]

"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2010-03-27 43008]

"TPSMain"="TPSMain.exe" [2010-03-27 43008]

"RTHDCPL"="RTHDCPL.EXE" [2006-08-23 16050688]

"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2010-03-27 43008]

"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2010-03-27 43008]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2010-03-27 43008]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2010-03-27 43008]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2010-03-27 43008]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2010-03-27 43008]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2010-03-27 43008]

"AGRSMMSG"="AGRSMMSG.exe" [2010-03-27 43008]

"V0470Mon.exe"="c:\windows\V0470Mon.exe" [2010-03-27 43008]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2010-03-27 43008]

"a0ab019a-bf96-4236-a06d-3379b377cb79_24"="c:\windows\system32\a0ab019a-bf96-4236-a06d-3379b377cb79_24.avi" [2010-03-05 958976]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2010-03-27 43008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-03-27 43008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

a0ab019a-bf96-4236-a06d-3379b377cb79_24.lnk - c:\windows\system32\rundll32.exe [2006-7-18 33280]

RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-7-19 155648]

ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Engine\ymetray.exe [2008-2-5 54512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2006-05-06 00:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-06-12 09:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]

2009-07-02 07:13 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

2007-04-04 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]

2007-05-02 17:30 151552 ------w- c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Software Update]

2007-01-04 22:18 481200 ------w- c:\program files\Creative\Shared Files\Software Update\AutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]

2006-11-17 09:42 53341 ------w- c:\program files\Creative\Shared Files\CTSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-27 21:52 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDWMon]

2006-04-26 00:57 299008 ----a-w- c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dr. Guard]

c:\program files\Dr. Guard\drguard.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]

2005-12-16 09:41 188416 ----a-w- c:\program files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]

2009-03-27 22:53 181544 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]

c:\program files\McAfee.com\Agent\mcagent.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI]

c:\progra~1\McAfee\MHN\McENUI.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]

2006-11-07 22:49 1121280 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2010-03-27 21:15 43008 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]

2005-12-06 05:06 1077322 ----a-w- c:\program files\TOSHIBA\Touch and Launch\PadExe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2009-10-09 20:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

2006-05-16 10:04 2879488 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]

2005-04-26 23:13 122880 ----a-w- c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spywareguard]

c:\program files\Spyware Guard 2008\spywareguard.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2009-01-30 06:56 1830128 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2010-03-27 21:52 43008 ----a-w- c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2006-03-02 23:02 761948 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]

TFncKy.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]

2006-08-02 23:52 364544 ----a-w- c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOY5KNQ8OC]

c:\docume~1\keiths\locals~1\temp\iz1 .exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"mcupdmgr.exe"=3 (0x3)

"McTskshd.exe"=2 (0x2)

"McDetect.exe"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=

"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe

"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Palm\\HOTSYNC.EXE"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Java\\j2re1.4.2_19\\bin\\javaw.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/22/2008 12:06 PM 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 12:05 PM 55024]

R2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [5/18/2008 4:00 PM 108768]

R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5/5/2006 6:00 PM 13568]

R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5/5/2006 5:59 PM 33024]

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [3/27/2009 3:54 PM 165160]

R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/5/2006 5:33 PM 3456]

R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 11:50 AM 98816]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [6/1/2009 10:32 AM 23096]

S0 cuie;cuie;c:\windows\system32\drivers\hfdmm.sys --> c:\windows\system32\drivers\hfdmm.sys [?]

S0 tpram;tpram;c:\windows\system32\drivers\fdpsiru.sys --> c:\windows\system32\drivers\fdpsiru.sys [?]

S0 twIbpo;twIbpo;c:\windows\system32\drivers\cgtfmfkt.sys --> c:\windows\system32\drivers\cgtfmfkt.sys [?]

S2 gupdate1c9c0777e3036e0;Google Update Service (gupdate1c9c0777e3036e0);c:\program files\Google\Update\GoogleUpdate.exe [4/18/2009 3:46 PM 133104]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [5/18/2008 3:57 PM 1527900]

S3 IO_Memory;IO_Memory;\??\c:\sysprep\Drivers\ioport.sys --> c:\sysprep\Drivers\ioport.sys [?]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 12:06 PM 7408]

S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [6/1/2009 10:32 AM 245760]

S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\PEDrv.sys --> c:\sysprep\PEDrv.sys [?]

S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [5/18/2008 3:58 PM 544768]

S3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\drivers\V0470Vid.sys [4/17/2009 3:35 PM 146368]

.

Contents of the 'Scheduled Tasks' folder

2010-03-27 c:\windows\Tasks\At1.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-27 21:52]

2010-03-27 c:\windows\Tasks\At10.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-27 21:52]

2010-03-27 c:\windows\Tasks\At11.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-27 21:52]

2010-03-27 c:\windows\Tasks\At12.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-27 21:52]

2010-03-27 c:\windows\Tasks\At13.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-27 21:52]

2010-03-27 c:\windows\Tasks\At14.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-27 21:52]

2010-03-27 c:\windows\Tasks\At15.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-27 21:52]

2010-03-27 c:\windows\Tasks\At16.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-27 21:52]

2010-03-27 c:\windows\Tasks\At17.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-27 21:52]

2010-03-27 c:\windows\Tasks\At18.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-27 21:52]

2010-03-27 c:\windows\Tasks\At19.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-27 21:52]

2010-03-27 c:\windows\Tasks\At2.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-27 21:52]

2010-03-27 c:\windows\Tasks\At20.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-27 21:52]

2010-03-27 c:\windows\Tasks\At21.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-27 21:52]

2010-03-27 c:\windows\Tasks\At22.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-27 21:52]

2010-03-27 c:\windows\Tasks\At23.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-27 21:52]

2010-03-27 c:\windows\Tasks\At24.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-27 21:52]

2010-03-27 c:\windows\Tasks\At3.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-27 21:52]

2010-03-27 c:\windows\Tasks\At4.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-27 21:52]

2010-03-27 c:\windows\Tasks\At5.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-27 21:52]

2010-03-27 c:\windows\Tasks\At6.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-27 21:52]

2010-03-27 c:\windows\Tasks\At7.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-27 21:52]

2010-03-27 c:\windows\Tasks\At8.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-27 21:52]

2010-03-27 c:\windows\Tasks\At9.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-27 21:52]

2010-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 22:45]

2010-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 22:45]

2010-03-27 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://my.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

Trusted Zone: acoustica.com

Trusted Zone: acoustica.com\www

Trusted Zone: blackberry.com\na

Trusted Zone: blackberry.com\www

Trusted Zone: download.com

Trusted Zone: informer.com\free-video-to-mp3-converter.software

Trusted Zone: informer.com\software

Trusted Zone: napster.com

Trusted Zone: nirsoft.net\www

Trusted Zone: photodex.com\www

Trusted Zone: sbc.com\yahoo

Trusted Zone: sbcglobal.net

Trusted Zone: smilebox.com\www

Trusted Zone: turbotax.com

Trusted Zone: yahoo.com

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe

FF - ProfilePath - c:\documents and settings\Keiths\Application Data\Mozilla\Firefox\Profiles\ro0qk3ph.default\

FF - prefs.js: browser.startup.homepage - yahoo.com

FF - plugin: c:\documents and settings\Keiths\Application Data\Mozilla\plugins\npPxPlay.dll

FF - plugin: c:\program files\GameTap\bin\Release\npgametaptool.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

AddRemove-Antimalware Defender - c:\program files\Antimalware Defender\Antimalware Defender.dll

AddRemove-McAfee Uninstall Utility - c:\progra~1\McAfee.com\Shared\mcappins.exe

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

@DACL=(02 0000)

@SACL=

@=""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(900)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\windows\system32\psqlpwd.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\Protector Suite QL\homefus2.dll

c:\windows\system32\biologon.dll

c:\program files\Protector Suite QL\homepass.dll

c:\program files\Protector Suite QL\bio.dll

c:\program files\Protector Suite QL\remote.dll

c:\program files\Protector Suite QL\crypto.dll

c:\program files\Protector Suite QL\biokmd.dll

c:\program files\Protector Suite QL\mysafe.dll

- - - - - - - > 'lsass.exe'(956)

c:\windows\system32\psqlpwd.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\Protector Suite QL\homefus2.dll

- - - - - - - > 'explorer.exe'(2352)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Protector Suite QL\mysafe.dll

c:\program files\Protector Suite QL\infra.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Intel\Wireless\Bin\WLKeeper.exe

c:\windows\system32\DVDRAMSV.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Photodex\ProShowGold\ScsiAccess.exe

c:\windows\system32\skeys.exe

c:\toshiba\IVP\swupdate\swupdtmr.exe

c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

c:\windows\system32\TODDSrv.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\TPSMain.exe

c:\windows\RTHDCPL.EXE

c:\program files\toshiba\tvs\tvstray .exe

c:\program files\quicktime\qttask .exe

c:\program files\intel\wireless\bin\zcfgsvc .exe

c:\program files\protector suite ql\psqltray.exe

c:\program files\intel\wireless\bin\ifrmewrk .exe

c:\program files\java\jre1.5.0_06\bin\jusched .exe

c:\program files\windows defender\msascui .exe

c:\program files\toshiba\toscdspd\toscdspd .exe

c:\program files\google\googletoolbarnotifier\googletoolbarnotifier .exe

c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe

.

**************************************************************************

.

Completion time: 2010-03-27 14:55:08 - machine was rebooted

ComboFix-quarantined-files.txt 2010-03-27 21:55

Pre-Run: 36,025,151,488 bytes free

Post-Run: 39,800,111,104 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 0A6D2910E7DDE56C1A3799C7759D366A


We still have a lot of work ahead of us! This infection is VERY obstinate! I know your PC is running somewhat better now. A rootkit had replaced your IDE driver atapi.sys file with malware. But ComboFix fixed it... :) Please stay off this PC until I come back with some instructions, in the next 24 hours.

Thanks Kenny


Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Let's run a CFScript and then run Malwarebytes for the rest of the infections.

  • Close any open browsers.
  • Open Notepad by clicking Start
  • Click Run
  • Type notepad into the box and press Enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:

KILLALL::

AtJob::

File::
c:\program files\internet explorer\wmpscfgs.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Remote System Protection"=-

RenV::
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Intel\Wireless\Bin\ifrmewrk .exe
c:\program files\Intel\Wireless\Bin\zcfgsvc .exe
c:\program files\Java\jre1.5.0_06\bin\jusched .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\Protector Suite QL\launcher .exe
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\QuickTime\qttask
c:\program files\testy\mbam .exe
c:\program files\TOSHIBA\TOSCDSPD\toscdspd .exe
c:\program files\TOSHIBA\Tvs\tvstray .exe
c:\program files\Windows Defender\msascui .exe
c:\windows\v0470mon .exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxpers .exe
c:\windows\system32\igfxtray .exe
c:\windows\system32\rundll32 .exe

Driver::
tpram
cuie
SVRPEDRV

DDS::
Trusted Zone: acoustica.com
Trusted Zone: acoustica.com\www
Trusted Zone: blackberry.com\na
Trusted Zone: blackberry.com\www
Trusted Zone: download.com
Trusted Zone: informer.com\free-video-to-mp3-converter.software
Trusted Zone: informer.com\software
Trusted Zone: napster.com
Trusted Zone: nirsoft.net\www
Trusted Zone: photodex.com\www
Trusted Zone: sbc.com\yahoo
Trusted Zone: sbcglobal.net
Trusted Zone: smilebox.com\www
Trusted Zone: turbotax.com
Trusted Zone: yahoo.com

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with MBAM log.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

Next

Update and Run Malwarebytes

  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, please include these log(s):

CFScript.txt

MBAM report

Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.

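A small defender-side triage script, added here as an example and not ComboFix's or the forum helper's code, that pulls the same indicators out of a ComboFix-style log that the CFScript above acts on: the "name .exe" impostor files (RenV::), the cluster of files sharing one byte size, the At*.job tasks that all launch one binary (AtJob:: / File::), and the Security Center and firewall override values. The sample lines are constructed in the log's format, and the regular expressions are my reading of that format as it appears in this thread, not ComboFix's own definition.

```python
"""Triage helper for ComboFix-style logs (added example; not ComboFix's or the forum's code).
It flags what the CFScript above acts on: 'name .exe' impostors (RenV::), files sharing one
byte size, At*.job tasks that launch a single binary (AtJob::), and security overrides."""
from __future__ import annotations

import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample in ComboFix's log format (a few lines, not the thread's full log).
SAMPLE_LOG = r"""
2010-03-28 00:48 . 2006-07-20 03:57 43008 ----a-w- c:\windows\system32\hkcmd .exe
2010-03-28 00:59 . 2006-07-20 03:57 43008 ----a-w- c:\windows\system32\hkcmd.exe
2010-03-28 00:48 . 2010-03-06 03:04 43008 ----a-w- c:\windows\system32\igfxtray .exe
2010-03-27 21:35 . 2006-07-20 00:27 43008 ----a-w- c:\windows\system32\tpsmain.exe
2010-03-16 07:06 . 2004-08-03 22:59 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-03-27 c:\windows\Tasks\At1.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-27 21:52]
2010-03-27 c:\windows\Tasks\At2.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-27 21:52]
2010-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 22:45]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"EnableFirewall"= 0 (0x0)
"""

# "created . modified size attrs path" lines of the Find3M / Files Created sections.
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+?)\s*$"
)
JOB_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>c:\\windows\\tasks\\[^\\]+\.job)$", re.I)
JOB_TARGET = re.compile(r"^- (?P<target>.+?) \[")
IMPOSTOR_NAME = re.compile(r"\S\s+\.[a-z0-9]+$", re.I)  # "hkcmd .exe": space before the dot
OVERRIDE = re.compile(
    r'^"(AntiVirusOverride|FirewallOverride)"=dword:0*1$|^"EnableFirewall"=\s*0\b', re.I
)

@dataclass(frozen=True)
class FileEntry:
    path: str
    size: int | None  # None for directory entries ("--------")

def parse_file_entries(log: str) -> list[FileEntry]:
    """Return every file line as a FileEntry with a lower-cased path."""
    entries = []
    for line in log.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            entries.append(FileEntry(m["path"].lower(), size))
    return entries

def find_impostors(entries: list[FileEntry]) -> dict[str, str | None]:
    """Map each 'name .exe' impostor to the real 'name.exe' path when the log lists it too."""
    known = {e.path for e in entries}
    result = {}
    for e in entries:
        if IMPOSTOR_NAME.search(e.path):
            legit = re.sub(r"\s+(\.[a-z0-9]+)$", r"\1", e.path)
            result[e.path] = legit if legit in known else None
    return result

def size_clusters(entries: list[FileEntry], min_count: int = 3) -> dict[int, list[str]]:
    """Group files by exact size: many unrelated names at one size is a dropper tell."""
    by_size = defaultdict(list)
    for e in entries:
        if e.size is not None:
            by_size[e.size].append(e.path)
    return {s: sorted(p) for s, p in by_size.items() if len(p) >= min_count}

def find_scheduled_jobs(log: str) -> dict[str, str]:
    """Pair each Tasks\\*.job line with the target on the following '- path [date]' line."""
    jobs, pending = {}, None
    for line in log.splitlines():
        line = line.strip()
        m = JOB_LINE.match(line)
        if m:
            pending = m["job"].lower()
            continue
        t = JOB_TARGET.match(line)
        if t and pending:
            jobs[pending] = t["target"].lower()
            pending = None
    return jobs

def suspicious_job_targets(jobs: dict[str, str], min_jobs: int = 2) -> dict[str, int]:
    """Binaries launched by several At*.job tasks (the hourly re-launch pattern)."""
    counts = Counter(t for j, t in jobs.items() if re.search(r"\\at\d+\.job$", j))
    return {t: n for t, n in counts.items() if n >= min_jobs}

def find_security_overrides(log: str) -> list[str]:
    """Registry values that silence Security Center or switch the XP firewall off."""
    return [ln.strip() for ln in log.splitlines() if OVERRIDE.match(ln.strip())]
```

Run it over a saved ComboFix.txt instead of SAMPLE_LOG to get the candidate list for a RenV:: section and to see which legitimate copy each impostor shadows.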

Here are the new ComboFix and MBAM logs. Unfortunately, after I ran the MBAM I restarted the computer and the Antimalware Defender came back. With hindsight, I realized you didn't ask me to restart, so I hope I haven't messed up your efforts to date. After the clean MBAM scan, I thought you had the problem licked.

ComboFix 10-03-26.02 - Keiths 03/27/2010 17:47:01.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1514 [GMT -7:00]

Running from: c:\documents and settings\Keiths\Desktop\Combo-Fix.exe

Command switches used :: c:\documents and settings\Keiths\Desktop\CFScript.txt

FILE ::

"c:\program files\internet explorer\wmpscfgs.exe"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Keiths\agrsmmsg .exe

c:\documents and settings\Keiths\rthdcpl .exe

c:\documents and settings\Keiths\rthdcpl.exe

c:\documents and settings\Keiths\rundll32.exe

c:\documents and settings\Keiths\tpsmain .exe

c:\program files\Internet Explorer\js.mui

c:\program files\Internet Explorer\wmpscfgs.exe

c:\windows\system32\ctfmon .exe

c:\windows\system32\hkcmd .exe

c:\windows\system32\igfxpers .exe

c:\windows\system32\igfxtray .exe

c:\windows\system32\rundll32 .exe

c:\windows\Tasks\At1.job

c:\windows\Tasks\At10.job

c:\windows\Tasks\At11.job

c:\windows\Tasks\At12.job

c:\windows\Tasks\At13.job

c:\windows\Tasks\At14.job

c:\windows\Tasks\At15.job

c:\windows\Tasks\At16.job

c:\windows\Tasks\At17.job

c:\windows\Tasks\At18.job

c:\windows\Tasks\At19.job

c:\windows\Tasks\At2.job

c:\windows\Tasks\At20.job

c:\windows\Tasks\At21.job

c:\windows\Tasks\At22.job

c:\windows\Tasks\At23.job

c:\windows\Tasks\At24.job

c:\windows\Tasks\At3.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\At5.job

c:\windows\Tasks\At6.job

c:\windows\Tasks\At7.job

c:\windows\Tasks\At8.job

c:\windows\Tasks\At9.job

c:\windows\v0470mon .exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_SVRPEDRV

-------\Service_cuie

-------\Service_SVRPEDRV

-------\Service_tpram

((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-28 )))))))))))))))))))))))))))))))

.

2010-03-27 21:10 . 2010-03-27 21:55 -------- d-----w- C:\Combo-Fix

2010-03-27 15:28 . 2006-09-19 16:26 72192 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\TASKLIST.EXE

2010-03-27 15:28 . 2006-09-19 16:26 72192 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\TASKKILL.EXE

2010-03-27 15:28 . 2006-09-19 16:26 40960 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\appstop.exe

2010-03-27 15:28 . 2006-09-19 16:26 325 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\stopApp.bat

2010-03-27 15:28 . 2006-09-19 16:26 1824884 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\master.exe

2010-03-27 15:28 . 2006-09-19 16:26 180224 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\U3AppWrapper.exe

2010-03-27 15:28 . 2006-09-19 16:26 15 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\run_me.bat

2010-03-26 06:13 . 2010-03-26 06:13 4 ----a-w- c:\program files\3696421.dat

2010-03-26 05:11 . 2010-03-26 05:11 4 ----a-w- c:\program files\4367265.dat

2010-03-19 02:06 . 2010-03-19 02:06 43008 ----a-w- c:\documents and settings\Lisa\agrsmmsg.exe

2010-03-19 02:06 . 2010-03-19 02:06 43008 ----a-w- c:\documents and settings\Lisa\tpsmain.exe

2010-03-17 03:57 . 2010-03-17 03:57 -------- d-----w- c:\program files\CCleaner

2010-03-15 08:50 . 2010-03-15 08:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

2010-03-14 23:07 . 2010-03-14 23:07 -------- d-----w- c:\documents and settings\Keiths\Application Data\AVG8

2010-03-14 21:09 . 2010-03-28 00:48 -------- d-----w- c:\program files\Windows Defender

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2139046.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2118015.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117906.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117812.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117703.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117609.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117500.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117296.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117203.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117093.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2116703.dat

2010-03-14 16:26 . 2010-03-14 16:26 4 ----a-w- c:\program files\4829375.dat

2010-03-13 23:53 . 2010-03-13 23:53 4 ----a-w- c:\program files\5974265.dat

2010-03-13 23:53 . 2010-03-13 23:53 4 ----a-w- c:\program files\5974046.dat

2010-03-13 23:53 . 2010-03-13 23:53 4 ----a-w- c:\program files\5973437.dat

2010-03-13 23:53 . 2010-03-13 23:53 4 ----a-w- c:\program files\5972984.dat

2010-03-13 00:35 . 2010-03-13 00:36 -------- d-----w- c:\documents and settings\Keith\Application Data\Malwarebytes

2010-03-13 00:28 . 2006-07-19 23:49 3774 ----a-r- c:\documents and settings\Keith\Application Data\Microsoft\Installer\{F21B28BF-8A4D-4F1A-A61B-69DD5B4A9BBA}\_644366bb.exe

2010-03-13 00:28 . 2006-09-29 07:19 35072 ----a-w- c:\documents and settings\Keith\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-13 00:28 . 2006-07-19 23:49 136 ----a-w- c:\documents and settings\Keith\Local Settings\Application Data\fusioncache.dat

2010-03-12 20:43 . 2010-03-12 20:43 4 ----a-w- c:\program files\4949765.dat

2010-03-12 18:35 . 2010-03-12 18:35 4 ----a-w- c:\program files\2564218.dat

2010-03-06 22:56 . 2010-03-06 22:56 -------- d-----w- c:\documents and settings\Lisa\Application Data\Malwarebytes

2010-03-06 09:33 . 2010-03-06 09:33 4 ----a-w- c:\program files\2065812.dat

2010-03-06 08:59 . 2010-03-06 08:59 4 ----a-w- c:\program files\3514593.dat

2010-03-06 03:04 . 2010-03-28 00:48 43008 ----a-w- c:\windows\system32\igfxtray.exe

2010-03-05 22:21 . 2010-03-05 22:21 696832 ----a-w- c:\windows\is-MP6M1.exe

2010-03-05 22:04 . 2010-03-05 22:04 -------- d-sh--w- c:\documents and settings\NetworkService\UserData

2010-03-05 18:32 . 2010-03-27 22:22 43008 ----a-w- c:\documents and settings\Keiths\agrsmmsg.exe

2010-03-05 18:32 . 2010-03-27 22:21 43008 ----a-w- c:\documents and settings\Keiths\tpsmain.exe

2010-03-05 17:32 . 2010-03-27 21:35 43008 ----a-w- c:\windows\system32\agrsmmsg.exe

2010-03-05 17:32 . 2010-03-27 21:35 43008 ----a-w- c:\windows\system32\alcmtr.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-28 00:59 . 2009-04-17 22:35 43008 ----a-w- c:\windows\v0470mon.exe

2010-03-28 00:59 . 2006-07-20 03:57 43008 ----a-w- c:\windows\system32\hkcmd.exe

2010-03-28 00:59 . 2006-07-20 03:57 43008 ----a-w- c:\windows\system32\igfxpers.exe

2010-03-28 00:59 . 2006-09-29 07:17 -------- d-----w- c:\program files\Protector Suite QL

2010-03-28 00:59 . 2007-12-24 07:31 -------- d-----w- c:\program files\QuickTime

2010-03-28 00:59 . 2010-03-28 00:59 43008 ----a-w- c:\documents and settings\Keiths\rthdcpl.exe

2010-03-28 00:58 . 2010-03-05 17:30 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

2010-03-28 00:58 . 2010-03-05 17:30 -------- d-----w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE

2010-03-28 00:58 . 2010-03-05 17:30 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

2010-03-28 00:58 . 2010-03-05 17:30 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

2010-03-28 00:58 . 2010-03-05 17:30 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

2010-03-28 00:58 . 2010-03-05 17:30 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

2010-03-28 00:58 . 2010-03-05 17:30 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

2010-03-28 00:58 . 2010-03-05 17:30 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

2010-03-28 00:58 . 2010-03-05 17:30 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

2010-03-28 00:58 . 2010-03-05 17:30 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

2010-03-28 00:58 . 2010-03-05 17:30 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700.exe

2010-03-28 00:48 . 2009-04-17 22:35 43008 ----a-w- c:\windows\v0470mon .exe

2010-03-28 00:48 . 2006-07-20 03:57 43008 ----a-w- c:\windows\system32\hkcmd .exe

2010-03-28 00:48 . 2006-07-20 03:57 43008 ----a-w- c:\windows\system32\igfxpers .exe

2010-03-28 00:48 . 2010-03-06 03:04 43008 ----a-w- c:\windows\system32\igfxtray .exe

2010-03-27 22:22 . 2010-03-05 18:32 43008 ----a-w- c:\documents and settings\Keiths\agrsmmsg .exe

2010-03-27 22:21 . 2010-03-05 18:32 43008 ----a-w- c:\documents and settings\Keiths\tpsmain .exe

2010-03-27 21:35 . 2006-07-20 00:27 43008 ----a-w- c:\windows\system32\tpsmain.exe

2010-03-26 18:32 . 2009-01-17 20:27 -------- d-----w- c:\program files\fixer #2

2010-03-17 05:57 . 2006-07-20 02:50 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-03-17 05:14 . 2006-07-20 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-03-17 05:14 . 2006-07-20 01:54 -------- d-----w- c:\program files\McAfee

2010-03-16 07:06 . 2004-08-03 22:59 96512 ------w- c:\windows\system32\drivers\atapi.sys

2010-03-14 23:04 . 2009-01-19 06:00 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-03-14 23:02 . 2009-10-04 02:55 117760 ----a-w- c:\documents and settings\Keiths\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-03-13 03:27 . 2009-01-18 03:24 1100 ----a-w- c:\windows\system32\d3d8caps.dat

2010-03-06 03:12 . 2009-01-18 04:56 -------- d-----w- c:\program files\testy

2010-03-05 21:42 . 2007-01-29 04:50 -------- d-----w- c:\documents and settings\Keiths\Application Data\U3

2010-03-05 17:31 . 2010-03-05 17:30 933888 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

2010-03-01 19:49 . 2009-07-18 09:52 256 ----a-w- c:\windows\system32\pool.bin

2010-01-08 00:07 . 2009-01-18 04:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-08 00:07 . 2009-01-18 04:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-05 10:00 . 2006-07-19 00:48 832512 ------w- c:\windows\system32\wininet.dll

2010-01-05 10:00 . 2006-07-19 00:47 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-01-05 10:00 . 2006-07-19 00:46 17408 ----a-w- c:\windows\system32\corpol.dll

2009-12-31 16:50 . 2006-07-19 00:47 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-10-30 17:17 . 2009-10-30 17:17 0 ----a-w- c:\program files\FlickrUploadr-3.2.1-2009.06.02.01-en.exe

2009-10-18 01:36 . 2009-10-18 01:36 5521440 ----a-w- c:\program files\scam.exe

2009-09-20 01:02 . 2009-09-20 01:02 1084920 ----a-w- c:\program files\yahoomailuploader_0.5.exe

2007-12-24 17:19 . 2007-12-24 17:19 6856007 ----a-w- c:\program files\pmconverter.exe

1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\program files\371218.dat

.

c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Intel\Wireless\Bin\ifrmewrk .exe
c:\program files\Intel\Wireless\Bin\zcfgsvc .exe
c:\program files\Java\jre1.5.0_06\bin\jusched .exe
c:\program files\Protector Suite QL\launcher .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\testy\mbam .exe
c:\program files\TOSHIBA\TOSCDSPD\toscdspd .exe
c:\program files\TOSHIBA\Tvs\tvstray .exe
c:\program files\Windows Defender\msascui .exe
c:\windows\v0470mon .exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxpers .exe
c:\windows\system32\igfxtray .exe
c:\windows\system32\rundll32 .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2010-03-28 43008]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-28 43008]

"dbf70700.exe"="c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700.exe" [2010-03-28 43008]

"a0ab019a-bf96-4236-a06d-3379b377cb79_24"="c:\documents and settings\Keiths\Application Data\a0ab019a-bf96-4236-a06d-3379b377cb79_24.avi" [2010-03-05 958976]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\quicktime\qttask .exe -atboottime" [X]

"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2010-03-28 43008]

"TPSMain"="TPSMain.exe" [2010-03-28 43008]

"RTHDCPL"="RTHDCPL.EXE" [2010-03-28 43008]

"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2010-03-28 43008]

"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2010-03-28 43008]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2010-03-28 43008]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2010-03-28 43008]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2010-03-28 43008]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2010-03-28 43008]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2010-03-28 43008]

"AGRSMMSG"="AGRSMMSG.exe" [2010-03-28 43008]

"V0470Mon.exe"="c:\windows\V0470Mon.exe" [2010-03-28 43008]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2010-03-28 43008]

"a0ab019a-bf96-4236-a06d-3379b377cb79_24"="c:\windows\system32\a0ab019a-bf96-4236-a06d-3379b377cb79_24.avi" [2010-03-05 958976]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2010-03-28 43008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-03-28 43008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

a0ab019a-bf96-4236-a06d-3379b377cb79_24.lnk - c:\windows\system32\rundll32.exe [2006-7-18 33280]

RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-7-19 155648]

ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Engine\ymetray.exe [2008-2-5 54512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2006-05-06 00:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-06-12 09:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]

2009-07-02 07:13 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

2007-04-04 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]

2007-05-02 17:30 151552 ------w- c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Software Update]

2007-01-04 22:18 481200 ------w- c:\program files\Creative\Shared Files\Software Update\AutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]

2006-11-17 09:42 53341 ------w- c:\program files\Creative\Shared Files\CTSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-28 00:58 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDWMon]

2006-04-26 00:57 299008 ----a-w- c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dr. Guard]

c:\program files\Dr. Guard\drguard.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]

2005-12-16 09:41 188416 ----a-w- c:\program files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]

2009-03-27 22:53 181544 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]

c:\program files\McAfee.com\Agent\mcagent.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI]

c:\progra~1\McAfee\MHN\McENUI.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]

2006-11-07 22:49 1121280 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]

2005-12-06 05:06 1077322 ----a-w- c:\program files\TOSHIBA\Touch and Launch\PadExe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2009-10-09 20:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

2006-05-16 10:04 2879488 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]

2005-04-26 23:13 122880 ----a-w- c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spywareguard]

c:\program files\Spyware Guard 2008\spywareguard.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2009-01-30 06:56 1830128 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2010-03-28 00:58 43008 ----a-w- c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2006-03-02 23:02 761948 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]

TFncKy.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]

2006-08-02 23:52 364544 ----a-w- c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOY5KNQ8OC]

c:\docume~1\keiths\locals~1\temp\iz1 .exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"mcupdmgr.exe"=3 (0x3)

"McTskshd.exe"=2 (0x2)

"McDetect.exe"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=

"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe

"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Palm\\HOTSYNC.EXE"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Java\\j2re1.4.2_19\\bin\\javaw.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/22/2008 12:06 PM 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 12:05 PM 55024]

R2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [5/18/2008 4:00 PM 108768]

R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5/5/2006 6:00 PM 13568]

R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5/5/2006 5:59 PM 33024]

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [3/27/2009 3:54 PM 165160]

R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/5/2006 5:33 PM 3456]

R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 11:50 AM 98816]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [6/1/2009 10:32 AM 23096]

S0 twIbpo;twIbpo;c:\windows\system32\drivers\cgtfmfkt.sys --> c:\windows\system32\drivers\cgtfmfkt.sys [?]

S2 gupdate1c9c0777e3036e0;Google Update Service (gupdate1c9c0777e3036e0);c:\program files\Google\Update\GoogleUpdate.exe [4/18/2009 3:46 PM 133104]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [5/18/2008 3:57 PM 1527900]

S3 IO_Memory;IO_Memory;\??\c:\sysprep\Drivers\ioport.sys --> c:\sysprep\Drivers\ioport.sys [?]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 12:06 PM 7408]

S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [6/1/2009 10:32 AM 245760]

S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [5/18/2008 3:58 PM 544768]

S3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\drivers\V0470Vid.sys [4/17/2009 3:35 PM 146368]

.

Contents of the 'Scheduled Tasks' folder

2010-03-28 c:\windows\Tasks\At1.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 00:59]

2010-03-28 c:\windows\Tasks\At10.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 00:59]

2010-03-28 c:\windows\Tasks\At11.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 00:59]

2010-03-28 c:\windows\Tasks\At12.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 00:59]

2010-03-28 c:\windows\Tasks\At13.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 00:59]

2010-03-28 c:\windows\Tasks\At14.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 00:59]

2010-03-28 c:\windows\Tasks\At15.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 00:59]

2010-03-28 c:\windows\Tasks\At16.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 00:59]

2010-03-28 c:\windows\Tasks\At17.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 00:59]

2010-03-28 c:\windows\Tasks\At18.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 00:59]

2010-03-28 c:\windows\Tasks\At19.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 00:59]

2010-03-28 c:\windows\Tasks\At2.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 00:59]

2010-03-28 c:\windows\Tasks\At20.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 00:59]

2010-03-28 c:\windows\Tasks\At21.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 00:59]

2010-03-28 c:\windows\Tasks\At22.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 00:59]

2010-03-28 c:\windows\Tasks\At23.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 00:59]

2010-03-28 c:\windows\Tasks\At24.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 00:59]

2010-03-28 c:\windows\Tasks\At3.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 00:59]

2010-03-28 c:\windows\Tasks\At4.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 00:59]

2010-03-28 c:\windows\Tasks\At5.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 00:59]

2010-03-28 c:\windows\Tasks\At6.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 00:59]

2010-03-28 c:\windows\Tasks\At7.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 00:59]

2010-03-28 c:\windows\Tasks\At8.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 00:59]

2010-03-28 c:\windows\Tasks\At9.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 00:59]

2010-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 22:45]

2010-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 22:45]

2010-03-28 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://my.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe

FF - ProfilePath - c:\documents and settings\Keiths\Application Data\Mozilla\Firefox\Profiles\ro0qk3ph.default\

FF - prefs.js: browser.startup.homepage - yahoo.com

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-27 17:57

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\system32\rundll32 .exe 33280 bytes executable

c:\windows\system32\igfxtray .exe 43008 bytes executable

scan completed successfully

hidden files: 2

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

@DACL=(02 0000)

@SACL=

@=""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(908)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\windows\system32\psqlpwd.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\Protector Suite QL\homefus2.dll

c:\windows\system32\biologon.dll

c:\program files\Protector Suite QL\homepass.dll

c:\program files\Protector Suite QL\bio.dll

c:\program files\Protector Suite QL\remote.dll

c:\program files\Protector Suite QL\crypto.dll

c:\program files\Protector Suite QL\biokmd.dll

c:\program files\Protector Suite QL\mysafe.dll

- - - - - - - > 'lsass.exe'(964)

c:\windows\system32\psqlpwd.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\Protector Suite QL\homefus2.dll

- - - - - - - > 'explorer.exe'(728)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Protector Suite QL\mysafe.dll

c:\program files\Protector Suite QL\infra.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Intel\Wireless\Bin\WLKeeper.exe

c:\windows\system32\DVDRAMSV.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Photodex\ProShowGold\ScsiAccess.exe

c:\windows\system32\skeys.exe

c:\toshiba\IVP\swupdate\swupdtmr.exe

c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

c:\windows\system32\TODDSrv.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\TPSMain.exe

c:\windows\RTHDCPL.EXE

c:\program files\toshiba\tvs\tvstray .exe

c:\program files\quicktime\qttask .exe

c:\program files\protector suite ql\psqltray.exe

c:\program files\intel\wireless\bin\zcfgsvc .exe

c:\program files\intel\wireless\bin\ifrmewrk .exe

c:\program files\toshiba\toscdspd\toscdspd .exe

c:\program files\windows defender\msascui .exe

c:\program files\java\jre1.5.0_06\bin\jusched .exe

.

**************************************************************************

.

Completion time: 2010-03-27 18:02:14 - machine was rebooted

ComboFix-quarantined-files.txt 2010-03-28 01:02

ComboFix2.txt 2010-03-27 21:55

Pre-Run: 39,806,578,688 bytes free

Post-Run: 39,754,756,096 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - D6DD6E0E018D650C7A465683043AB2FD

Malwarebytes' Anti-Malware 1.44

Database version: 3510

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

3/27/2010 6:15:49 PM

mbam-log-2010-03-27 (18-15-49).txt

Scan type: Quick Scan

Objects scanned: 142923

Time elapsed: 5 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


I thought you had the problem licked.

LOL.... :) I wish we could clean your PC in a few posts. You're doing well; that's one reason we got this far so fast.

I really do not like to run ComboFix twice because it is so powerful, but your system is severely infected. Well, we got most of it. But some of the programs have been infected and we need to run the RenV directive again because it was done wrong on my end.... :)

Drag the ComboFix icon off your Desktop into the Recycle Bin, and we'll run it again. Then run another CFScript....... :) Also, there's no need to install the Microsoft Windows Recovery Console this time.

Delete the copy of ComboFix you have (drag the ComboFix icon into the Recycle Bin) & download it again from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):

Link 1

Link 2

**IMPORTANT !!! RENAME ComboFix.exe to Combo-Fix BEFORE you save it to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    A guide to do this can be found here
  • Double click on ComboFix.exe & follow the prompts
  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply


OK, I think I understand everything except I need to make sure I am complying with your instructions on these two items:

" we need to run RenV directive again"

I'm not familiar with this. Is this another name for something we've already run?

" Then run another CFScript....... :)"

You want me to run the same file that you had me name CFScript.txt before?

My internet wifi connection has been disabled by one of these buggers so I have been transferring files back and forth from a clean computer. Is it ok to use my combofix program stored on my flash drive from yesterday, or do I need to try to download a new copy directly to my laptop?

You also express concern over running combofix twice. Is there a large chance of this messing up my system?


"we need to run RenV directive again"

I'm not familiar with this. Is this another name for something we've already run?

We'll do this after you post a new ComboFix log.

My internet wifi connection has been disabled by one of these buggers so I have been transferring files back and forth from a clean computer. Is it ok to use my combofix program stored on my flash drive from yesterday, or do I need to try to download a new copy directly to my laptop?

Yes a new copy. And you can use your flash drive.

You also express concern over running combofix twice. Is there a large chance of this messing up my system?

Yes, that's the reason why we installed a Recovery Console, in case something does happen. I have used ComboFix on forums and with my machines and never had a problem. But this system has very heavy malware infections. You may want to consider saving your documents, then wiping and reloading Windows fresh. That may well be the safest thing to do. If so, let me know.


Here's the latest combofix log

ComboFix 10-03-28.01 - Keiths 03/28/2010 9:40.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1482 [GMT -7:00]

Running from: G:\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\Keiths\LOCALS~1\Temp\wrk5.tmp

c:\documents and settings\Keiths\agrsmmsg .exe

c:\documents and settings\Keiths\Local Settings\temp\wrk5.tmp

c:\documents and settings\Keiths\rthdcpl .exe

c:\documents and settings\Keiths\rthdcpl.exe

c:\documents and settings\Keiths\tpsmain .exe

c:\program files\Internet Explorer\js.mui

c:\program files\Internet Explorer\wmpscfgs.exe

c:\windows\system32\agrsmmsg .exe

c:\windows\system32\ctfmon .exe

c:\windows\system32\hkcmd .exe

c:\windows\system32\igfxpers .exe

c:\windows\system32\igfxtray .exe

c:\windows\system32\rthdcpl.exe

c:\windows\system32\rundll32 .exe

c:\windows\system32\tpsmain .exe

c:\windows\v0470mon .exe

.

((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-28 )))))))))))))))))))))))))))))))

.

2010-03-27 21:10 . 2010-03-27 21:55 -------- d-----w- C:\Combo-Fix

2010-03-27 15:28 . 2006-09-19 16:26 72192 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\TASKLIST.EXE

2010-03-27 15:28 . 2006-09-19 16:26 72192 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\TASKKILL.EXE

2010-03-27 15:28 . 2006-09-19 16:26 40960 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\appstop.exe

2010-03-27 15:28 . 2006-09-19 16:26 325 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\stopApp.bat

2010-03-27 15:28 . 2006-09-19 16:26 1824884 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\master.exe

2010-03-27 15:28 . 2006-09-19 16:26 180224 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\U3AppWrapper.exe

2010-03-27 15:28 . 2006-09-19 16:26 15 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\run_me.bat

2010-03-26 06:13 . 2010-03-26 06:13 4 ----a-w- c:\program files\3696421.dat

2010-03-26 05:11 . 2010-03-26 05:11 4 ----a-w- c:\program files\4367265.dat

2010-03-19 02:06 . 2010-03-19 02:06 43008 ----a-w- c:\documents and settings\Lisa\agrsmmsg.exe

2010-03-19 02:06 . 2010-03-19 02:06 43008 ----a-w- c:\documents and settings\Lisa\tpsmain.exe

2010-03-17 03:57 . 2010-03-17 03:57 -------- d-----w- c:\program files\CCleaner

2010-03-15 08:50 . 2010-03-15 08:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

2010-03-14 23:07 . 2010-03-14 23:07 -------- d-----w- c:\documents and settings\Keiths\Application Data\AVG8

2010-03-14 21:09 . 2010-03-28 06:01 -------- d-----w- c:\program files\Windows Defender

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2139046.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2118015.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117906.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117812.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117703.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117609.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117500.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117296.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117203.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117093.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2116703.dat

2010-03-14 16:26 . 2010-03-14 16:26 4 ----a-w- c:\program files\4829375.dat

2010-03-13 23:53 . 2010-03-13 23:53 4 ----a-w- c:\program files\5974265.dat

2010-03-13 23:53 . 2010-03-13 23:53 4 ----a-w- c:\program files\5974046.dat

2010-03-13 23:53 . 2010-03-13 23:53 4 ----a-w- c:\program files\5973437.dat

2010-03-13 23:53 . 2010-03-13 23:53 4 ----a-w- c:\program files\5972984.dat

2010-03-13 00:35 . 2010-03-13 00:36 -------- d-----w- c:\documents and settings\Keith\Application Data\Malwarebytes

2010-03-13 00:28 . 2006-07-19 23:49 3774 ----a-r- c:\documents and settings\Keith\Application Data\Microsoft\Installer\{F21B28BF-8A4D-4F1A-A61B-69DD5B4A9BBA}\_644366bb.exe

2010-03-13 00:28 . 2006-09-29 07:19 35072 ----a-w- c:\documents and settings\Keith\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-13 00:28 . 2006-07-19 23:49 136 ----a-w- c:\documents and settings\Keith\Local Settings\Application Data\fusioncache.dat

2010-03-12 20:43 . 2010-03-12 20:43 4 ----a-w- c:\program files\4949765.dat

2010-03-12 18:35 . 2010-03-12 18:35 4 ----a-w- c:\program files\2564218.dat

2010-03-06 22:56 . 2010-03-06 22:56 -------- d-----w- c:\documents and settings\Lisa\Application Data\Malwarebytes

2010-03-06 09:33 . 2010-03-06 09:33 4 ----a-w- c:\program files\2065812.dat

2010-03-06 08:59 . 2010-03-06 08:59 4 ----a-w- c:\program files\3514593.dat

2010-03-06 03:04 . 2010-03-28 06:01 43008 ----a-w- c:\windows\system32\igfxtray.exe

2010-03-05 22:21 . 2010-03-05 22:21 696832 ----a-w- c:\windows\is-MP6M1.exe

2010-03-05 22:04 . 2010-03-05 22:04 -------- d-sh--w- c:\documents and settings\NetworkService\UserData

2010-03-05 18:32 . 2010-03-28 05:38 43008 ----a-w- c:\documents and settings\Keiths\agrsmmsg.exe

2010-03-05 18:32 . 2010-03-28 05:38 43008 ----a-w- c:\documents and settings\Keiths\tpsmain.exe

2010-03-05 17:32 . 2010-03-28 06:01 43008 ----a-w- c:\windows\system32\agrsmmsg.exe

2010-03-05 17:32 . 2010-03-27 21:35 43008 ----a-w- c:\windows\system32\alcmtr.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-28 06:01 . 2009-04-17 22:35 43008 ----a-w- c:\windows\v0470mon.exe

2010-03-28 06:01 . 2006-07-20 03:57 43008 ----a-w- c:\windows\system32\hkcmd.exe

2010-03-28 06:01 . 2006-07-20 03:57 43008 ----a-w- c:\windows\system32\igfxpers.exe

2010-03-28 06:01 . 2006-09-29 07:17 -------- d-----w- c:\program files\Protector Suite QL

2010-03-28 06:01 . 2007-12-24 07:31 -------- d-----w- c:\program files\QuickTime

2010-03-28 06:01 . 2006-07-20 00:27 43008 ----a-w- c:\windows\system32\tpsmain.exe

2010-03-26 18:32 . 2009-01-17 20:27 -------- d-----w- c:\program files\fixer #2

2010-03-17 05:57 . 2006-07-20 02:50 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-03-17 05:14 . 2006-07-20 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-03-17 05:14 . 2006-07-20 01:54 -------- d-----w- c:\program files\McAfee

2010-03-16 07:06 . 2004-08-03 22:59 96512 ------w- c:\windows\system32\drivers\atapi.sys

2010-03-14 23:04 . 2009-01-19 06:00 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-03-14 23:02 . 2009-10-04 02:55 117760 ----a-w- c:\documents and settings\Keiths\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-03-13 03:27 . 2009-01-18 03:24 1100 ----a-w- c:\windows\system32\d3d8caps.dat

2010-03-06 03:12 . 2009-01-18 04:56 -------- d-----w- c:\program files\testy

2010-03-05 21:42 . 2007-01-29 04:50 -------- d-----w- c:\documents and settings\Keiths\Application Data\U3

2010-03-05 17:31 . 2010-03-05 17:30 933888 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

2010-03-01 19:49 . 2009-07-18 09:52 256 ----a-w- c:\windows\system32\pool.bin

2010-01-08 00:07 . 2009-01-18 04:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-08 00:07 . 2009-01-18 04:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-05 10:00 . 2006-07-19 00:48 832512 ------w- c:\windows\system32\wininet.dll

2010-01-05 10:00 . 2006-07-19 00:47 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-01-05 10:00 . 2006-07-19 00:46 17408 ----a-w- c:\windows\system32\corpol.dll

2009-12-31 16:50 . 2006-07-19 00:47 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-10-30 17:17 . 2009-10-30 17:17 0 ----a-w- c:\program files\FlickrUploadr-3.2.1-2009.06.02.01-en.exe

2009-10-18 01:36 . 2009-10-18 01:36 5521440 ----a-w- c:\program files\scam.exe

2009-09-20 01:02 . 2009-09-20 01:02 1084920 ----a-w- c:\program files\yahoomailuploader_0.5.exe

2007-12-24 17:19 . 2007-12-24 17:19 6856007 ----a-w- c:\program files\pmconverter.exe

.

<pre>
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Intel\Wireless\Bin\ifrmewrk .exe
c:\program files\Intel\Wireless\Bin\zcfgsvc .exe
c:\program files\Java\jre1.5.0_06\bin\jusched .exe
c:\program files\Protector Suite QL\launcher .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\testy\mbam .exe
c:\program files\TOSHIBA\TOSCDSPD\toscdspd .exe
c:\program files\TOSHIBA\Tvs\tvstray .exe
c:\program files\Windows Defender\msascui .exe
</pre>

((((((((((((((((((((((((((((( SnapShot@2010-03-27_21.50.58 )))))))))))))))))))))))))))))))))))))))))

.

+ 2006-07-19 00:47 . 2010-03-27 21:53 72978 c:\windows\system32\perfc009.dat

- 2006-07-19 00:47 . 2010-03-14 15:11 72978 c:\windows\system32\perfc009.dat

+ 2010-03-28 06:01 . 2010-03-28 06:00 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2010-03-28 06:01 . 2010-03-28 06:00 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2006-07-19 00:47 . 2010-03-27 21:53 445938 c:\windows\system32\perfh009.dat

- 2006-07-19 00:47 . 2010-03-14 15:11 445938 c:\windows\system32\perfh009.dat

+ 2006-07-19 02:40 . 2010-03-28 06:00 131072 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2006-07-19 02:40 . 2010-03-27 21:35 131072 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2010-03-28 43008]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-28 43008]

"dbf70700.exe"="c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700.exe" [2010-03-28 43008]

"a0ab019a-bf96-4236-a06d-3379b377cb79_24"="c:\documents and settings\Keiths\Application Data\a0ab019a-bf96-4236-a06d-3379b377cb79_24.avi" [2010-03-05 958976]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-05 933888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\quicktime\qttask .exe -atboottime" [X]

"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2010-03-28 43008]

"TPSMain"="TPSMain.exe" [2010-03-28 43008]

"RTHDCPL"="RTHDCPL.EXE" [2006-08-23 16050688]

"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2010-03-28 43008]

"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2010-03-28 43008]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2010-03-28 43008]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2010-03-28 43008]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2010-03-28 43008]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2010-03-28 43008]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2010-03-28 43008]

"AGRSMMSG"="AGRSMMSG.exe" [2010-03-28 43008]

"V0470Mon.exe"="c:\windows\V0470Mon.exe" [2010-03-28 43008]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2010-03-28 43008]

"a0ab019a-bf96-4236-a06d-3379b377cb79_24"="c:\windows\system32\a0ab019a-bf96-4236-a06d-3379b377cb79_24.avi" [2010-03-05 958976]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2010-03-28 43008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-03-28 43008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

a0ab019a-bf96-4236-a06d-3379b377cb79_24.lnk - c:\windows\system32\rundll32.exe [2006-7-18 33280]

RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-7-19 155648]

ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Engine\ymetray.exe [2008-2-5 54512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2006-05-06 00:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-06-12 09:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]

2009-07-02 07:13 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

2007-04-04 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]

2007-05-02 17:30 151552 ------w- c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Software Update]

2007-01-04 22:18 481200 ------w- c:\program files\Creative\Shared Files\Software Update\AutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]

2006-11-17 09:42 53341 ------w- c:\program files\Creative\Shared Files\CTSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-28 05:38 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDWMon]

2006-04-26 00:57 299008 ----a-w- c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dr. Guard]

c:\program files\Dr. Guard\drguard.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]

2005-12-16 09:41 188416 ----a-w- c:\program files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]

2009-03-27 22:53 181544 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]

c:\program files\McAfee.com\Agent\mcagent.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI]

c:\progra~1\McAfee\MHN\McENUI.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]

2006-11-07 22:49 1121280 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]

2005-12-06 05:06 1077322 ----a-w- c:\program files\TOSHIBA\Touch and Launch\PadExe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2009-10-09 20:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

2006-05-16 10:04 2879488 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]

2005-04-26 23:13 122880 ----a-w- c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spywareguard]

c:\program files\Spyware Guard 2008\spywareguard.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2009-01-30 06:56 1830128 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2010-03-28 05:38 43008 ----a-w- c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2006-03-02 23:02 761948 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]

TFncKy.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]

2006-08-02 23:52 364544 ----a-w- c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOY5KNQ8OC]

c:\docume~1\keiths\locals~1\temp\iz1 .exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"mcupdmgr.exe"=3 (0x3)

"McTskshd.exe"=2 (0x2)

"McDetect.exe"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=

"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe

"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Palm\\HOTSYNC.EXE"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Java\\j2re1.4.2_19\\bin\\javaw.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/22/2008 12:06 PM 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 12:05 PM 55024]

R2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [5/18/2008 4:00 PM 108768]

R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5/5/2006 6:00 PM 13568]

R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5/5/2006 5:59 PM 33024]

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [3/27/2009 3:54 PM 165160]

R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/5/2006 5:33 PM 3456]

R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 11:50 AM 98816]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [6/1/2009 10:32 AM 23096]

S0 twIbpo;twIbpo;c:\windows\system32\drivers\cgtfmfkt.sys --> c:\windows\system32\drivers\cgtfmfkt.sys [?]

S2 gupdate1c9c0777e3036e0;Google Update Service (gupdate1c9c0777e3036e0);c:\program files\Google\Update\GoogleUpdate.exe [4/18/2009 3:46 PM 133104]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [5/18/2008 3:57 PM 1527900]

S3 IO_Memory;IO_Memory;\??\c:\sysprep\Drivers\ioport.sys --> c:\sysprep\Drivers\ioport.sys [?]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 12:06 PM 7408]

S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [6/1/2009 10:32 AM 245760]

S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [5/18/2008 3:58 PM 544768]

S3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\drivers\V0470Vid.sys [4/17/2009 3:35 PM 146368]

.

Contents of the 'Scheduled Tasks' folder

2010-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 22:45]

2010-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 22:45]

2010-03-28 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://my.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe

FF - ProfilePath - c:\documents and settings\Keiths\Application Data\Mozilla\Firefox\Profiles\ro0qk3ph.default\

FF - prefs.js: browser.startup.homepage - yahoo.com

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-28 09:44

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\TEMP\TMP000002857B6C2C69D30CB46C 524288 bytes executable

scan completed successfully

hidden files: 1

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

@DACL=(02 0000)

@SACL=

@=""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(912)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\windows\system32\psqlpwd.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\Protector Suite QL\homefus2.dll

c:\windows\system32\biologon.dll

c:\program files\Protector Suite QL\homepass.dll

c:\program files\Protector Suite QL\bio.dll

c:\program files\Protector Suite QL\remote.dll

c:\program files\Protector Suite QL\crypto.dll

c:\program files\Protector Suite QL\biokmd.dll

c:\program files\Protector Suite QL\mysafe.dll

c:\windows\system32\igfxdev.dll

- - - - - - - > 'lsass.exe'(968)

c:\windows\system32\psqlpwd.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\Protector Suite QL\homefus2.dll

.

Completion time: 2010-03-28 09:46:42

ComboFix-quarantined-files.txt 2010-03-28 16:46

ComboFix2.txt 2010-03-28 01:02

ComboFix3.txt 2010-03-27 21:55

Pre-Run: 39,764,639,744 bytes free

Post-Run: 39,706,750,976 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - E58D29272BD81200330A32556A590513


Run CFScript

  • Close any open browsers.
  • Open Notepad by clicking Start
  • Click Run
  • Type notepad into the box and press Enter
  • Notepad will open
  • Copy and paste everything from the Code box into Notepad:

KILLALL::

File::
c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe
c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe

Folder::
c:\program files\2139046.dat
c:\program files\2118015.dat
c:\program files\2117906.dat
c:\program files\2117812.dat
c:\program files\2117703.dat
c:\program files\2117609.dat
c:\program files\2117500.dat
c:\program files\2117296.dat
c:\program files\2117203.dat
c:\program files\2117093.dat
c:\program files\2116703.dat
c:\program files\4829375.dat
c:\program files\5974265.dat
c:\program files\5974046.dat
c:\program files\5973437.dat
c:\program files\5972984.dat
c:\windows\system32\d3d9caps.dat
c:\program files\2065812.dat
c:\program files\3514593.dat

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dbf70700.exe"=-

RenV::
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Intel\Wireless\Bin\ifrmewrk .exe
c:\program files\Intel\Wireless\Bin\zcfgsvc .exe
c:\program files\Java\jre1.5.0_06\bin\jusched .exe
c:\program files\Protector Suite QL\launcher .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\testy\mbam .exe
c:\program files\TOSHIBA\TOSCDSPD\toscdspd .exe
c:\program files\TOSHIBA\Tvs\tvstray .exe
c:\program files\Windows Defender\msascui .exe

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

[Screenshot: CFScriptB-4.gif]

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new Malwarebytes log.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

Next

Update and Run Malwarebytes

  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

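The logs in this thread show the indicators the CFScript above is aimed at: startup entries that point at files with a space before `.exe` (the RenV:: list), a cluster of startup executables that are all 43008 bytes and dated the same day, `At1.job` through `At24.job` scheduled tasks, and Security Center and firewall overrides. The following Python script is added here as an illustration and is not code from the forum, ComboFix or Malwarebytes: it triages a ComboFix-style log excerpt for those indicators from a defender's side. The sample log text is constructed to resemble the lines posted in this thread, and the function names (`triage`, `summarize`, `has_spaced_extension`, `parse_dword`) are my own.

```python
"""Triage a ComboFix-style log excerpt for the persistence indicators seen in
this thread.  Added example; not ComboFix, Malwarebytes or forum code."""
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "kind detail")

# Constructed sample lines, modelled on the kinds of entries in the posted log.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2010-03-28 43008]
"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\quicktime\qttask .exe -atboottime" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2010-03-28 43008]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
2010-03-28 c:\windows\Tasks\At1.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 17:46]
2010-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 22:45]
'''

SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
QUOTED_PATH = re.compile(r'^"(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
META = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)$")
TASK = re.compile(r"^\d{4}-\d{2}-\d{2}\s+.*\\Tasks\\(?P<job>[^\\]+\.job)$", re.I)
TARGET = re.compile(r"^-\s+(?P<target>.*?)\s+\[", re.I)
SPACED_EXT = re.compile(r"\s\.exe(?:\s|$)", re.I)


def has_spaced_extension(path):
    """True for names like 'qttask .exe': whitespace before the extension is
    the masquerade the RenV:: list in the CFScript renames away."""
    return SPACED_EXT.search(path) is not None


def parse_dword(value):
    """Turn 'dword:00000001', '1 (0x1)' or '0 (0x0)' into an int (None if not numeric)."""
    m = re.match(r"dword:([0-9a-f]+)", value, re.I)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", value)
    return int(m.group(1)) if m else None


def triage(log):
    """Walk the log once and collect findings; sections are tracked by their
    bracketed registry header, scheduled tasks by the job line and its target."""
    findings, section, run_meta, pending_job = [], "", Counter(), None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section = m.group("key").lower()
            continue
        m = TASK.match(line)
        if m:
            pending_job = m.group("job")
            continue
        m = TARGET.match(line)
        if m and pending_job:
            target = m.group("target")
            if re.fullmatch(r"at\d+\.job", pending_job, re.I):  # At*.job = 'at' command jobs
                findings.append(Finding("at_job", f"{pending_job} -> {target}"))
            if has_spaced_extension(target):
                findings.append(Finding("spaced_extension", f"{pending_job} -> {target}"))
            pending_job = None
            continue
        m = VALUE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value")
        if section.endswith("\\run"):
            q = QUOTED_PATH.match(value)
            path = q.group("path") if q else value
            if has_spaced_extension(path):
                findings.append(Finding("spaced_extension", f"{name} -> {path}"))
            mm = META.match(q.group("meta")) if q else None
            if mm:  # remember (date, size) so identical copies can be clustered
                run_meta[(mm.group("date"), mm.group("size"))] += 1
        elif section.endswith("security center"):
            if name.lower() in ("antivirusoverride", "firewalloverride") and parse_dword(value) == 1:
                findings.append(Finding("security_override", name))
        elif section.endswith("standardprofile"):
            if name.lower() == "enablefirewall" and parse_dword(value) == 0:
                findings.append(Finding("firewall_disabled", section))
    for (date, size), n in run_meta.items():
        if n >= 3:  # several startup programs of one size on one day: replaced copies
            findings.append(Finding("size_cluster", f"{n} Run entries are {size} bytes dated {date}"))
    return findings


def summarize(log):
    """Count findings per kind, a quick view of how much cleanup a log implies."""
    return Counter(f.kind for f in triage(log))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:18} {f.detail}")
```

The spaced-extension check is deliberately applied to both Run values and scheduled-task targets, since the same naming trick can appear in either place; the size cluster threshold of three is a heuristic that fits the posted log, where every startup entry the helper renames is 43008 bytes.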

OK, I'll run ComboFix again with the CFScript and then follow up with Malwarebytes. I'm running the MBAM file from 1-7-10. Do I need the update? Like I said, I was having internet connection problems through my notebook, but I haven't checked since the last scan. The Intel PROSet wireless icon has changed; I don't know if that means anything. I'll reply in two hours.


Here are the ComboFix and MBAM logs. When I tried to update Malwarebytes, I received this message:

error 732 (2,0)

I also get the antimalware defender popup whenever I try to access the internet.

On a positive note, the system is running better now and I have regained the ability to access regedit.

ComboFix 10-03-28.01 - Keiths 03/28/2010 10:38:57.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1451 [GMT -7:00]

Running from: G:\ComboFix.exe

Command switches used :: c:\documents and settings\Keiths\Desktop\CFScript.txt

FILE ::

"c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe

.

((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-28 )))))))))))))))))))))))))))))))

.

2010-03-27 21:10 . 2010-03-27 21:55 -------- d-----w- C:\Combo-Fix

2010-03-27 15:28 . 2006-09-19 16:26 72192 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\TASKLIST.EXE

2010-03-27 15:28 . 2006-09-19 16:26 72192 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\TASKKILL.EXE

2010-03-27 15:28 . 2006-09-19 16:26 40960 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\appstop.exe

2010-03-27 15:28 . 2006-09-19 16:26 325 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\stopApp.bat

2010-03-27 15:28 . 2006-09-19 16:26 1824884 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\master.exe

2010-03-27 15:28 . 2006-09-19 16:26 180224 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\U3AppWrapper.exe

2010-03-27 15:28 . 2006-09-19 16:26 15 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\run_me.bat

2010-03-26 06:13 . 2010-03-26 06:13 4 ----a-w- c:\program files\3696421.dat

2010-03-26 05:11 . 2010-03-26 05:11 4 ----a-w- c:\program files\4367265.dat

2010-03-19 02:06 . 2010-03-19 02:06 43008 ----a-w- c:\documents and settings\Lisa\agrsmmsg.exe

2010-03-19 02:06 . 2010-03-19 02:06 43008 ----a-w- c:\documents and settings\Lisa\tpsmain.exe

2010-03-17 03:57 . 2010-03-17 03:57 -------- d-----w- c:\program files\CCleaner

2010-03-15 08:50 . 2010-03-15 08:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

2010-03-14 23:07 . 2010-03-14 23:07 -------- d-----w- c:\documents and settings\Keiths\Application Data\AVG8

2010-03-14 21:09 . 2010-03-28 17:39 -------- d-----w- c:\program files\Windows Defender

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2139046.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2118015.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117906.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117812.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117703.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117609.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117500.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117296.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117203.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117093.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2116703.dat

2010-03-14 16:26 . 2010-03-14 16:26 4 ----a-w- c:\program files\4829375.dat

2010-03-13 23:53 . 2010-03-13 23:53 4 ----a-w- c:\program files\5974265.dat

2010-03-13 23:53 . 2010-03-13 23:53 4 ----a-w- c:\program files\5974046.dat

2010-03-13 23:53 . 2010-03-13 23:53 4 ----a-w- c:\program files\5973437.dat

2010-03-13 23:53 . 2010-03-13 23:53 4 ----a-w- c:\program files\5972984.dat

2010-03-13 00:35 . 2010-03-13 00:36 -------- d-----w- c:\documents and settings\Keith\Application Data\Malwarebytes

2010-03-13 00:28 . 2006-07-19 23:49 3774 ----a-r- c:\documents and settings\Keith\Application Data\Microsoft\Installer\{F21B28BF-8A4D-4F1A-A61B-69DD5B4A9BBA}\_644366bb.exe

2010-03-13 00:28 . 2006-09-29 07:19 35072 ----a-w- c:\documents and settings\Keith\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-13 00:28 . 2006-07-19 23:49 136 ----a-w- c:\documents and settings\Keith\Local Settings\Application Data\fusioncache.dat

2010-03-12 20:43 . 2010-03-12 20:43 4 ----a-w- c:\program files\4949765.dat

2010-03-12 18:35 . 2010-03-12 18:35 4 ----a-w- c:\program files\2564218.dat

2010-03-06 22:56 . 2010-03-06 22:56 -------- d-----w- c:\documents and settings\Lisa\Application Data\Malwarebytes

2010-03-06 09:33 . 2010-03-06 09:33 4 ----a-w- c:\program files\2065812.dat

2010-03-06 08:59 . 2010-03-06 08:59 4 ----a-w- c:\program files\3514593.dat

2010-03-06 03:04 . 2010-03-28 06:01 43008 ----a-w- c:\windows\system32\igfxtray.exe

2010-03-05 22:21 . 2010-03-05 22:21 696832 ----a-w- c:\windows\is-MP6M1.exe

2010-03-05 22:04 . 2010-03-05 22:04 -------- d-sh--w- c:\documents and settings\NetworkService\UserData

2010-03-05 18:32 . 2010-03-28 05:38 43008 ----a-w- c:\documents and settings\Keiths\agrsmmsg.exe

2010-03-05 18:32 . 2010-03-28 05:38 43008 ----a-w- c:\documents and settings\Keiths\tpsmain.exe

2010-03-05 17:32 . 2010-03-28 06:01 43008 ----a-w- c:\windows\system32\agrsmmsg.exe

2010-03-05 17:32 . 2010-03-27 21:35 43008 ----a-w- c:\windows\system32\alcmtr.exe

1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\program files\101640.dat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-28 17:46 . 2009-04-17 22:35 43008 ----a-w- c:\windows\v0470mon.exe

2010-03-28 17:46 . 2006-07-20 03:57 43008 ----a-w- c:\windows\system32\hkcmd.exe

2010-03-28 17:46 . 2006-07-20 03:57 43008 ----a-w- c:\windows\system32\igfxpers.exe

2010-03-28 17:46 . 2006-09-29 07:17 -------- d-----w- c:\program files\Protector Suite QL

2010-03-28 17:39 . 2009-01-18 04:56 -------- d-----w- c:\program files\testy

2010-03-28 06:01 . 2009-04-17 22:35 43008 ----a-w- c:\windows\v0470mon .exe

2010-03-28 06:01 . 2006-07-20 03:57 43008 ----a-w- c:\windows\system32\hkcmd .exe

2010-03-28 06:01 . 2006-07-20 03:57 43008 ----a-w- c:\windows\system32\igfxpers .exe

2010-03-28 06:01 . 2010-03-06 03:04 43008 ----a-w- c:\windows\system32\igfxtray .exe

2010-03-28 06:01 . 2006-07-20 00:27 43008 ----a-w- c:\windows\system32\tpsmain.exe

2010-03-28 05:38 . 2010-03-05 18:32 43008 ----a-w- c:\documents and settings\Keiths\agrsmmsg .exe

2010-03-28 05:38 . 2010-03-05 18:32 43008 ----a-w- c:\documents and settings\Keiths\tpsmain .exe

2010-03-28 05:38 . 2010-03-05 17:30 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700.exe

2010-03-26 18:32 . 2009-01-17 20:27 -------- d-----w- c:\program files\fixer #2

2010-03-17 05:57 . 2006-07-20 02:50 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-03-17 05:14 . 2006-07-20 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-03-17 05:14 . 2006-07-20 01:54 -------- d-----w- c:\program files\McAfee

2010-03-16 07:06 . 2004-08-03 22:59 96512 ------w- c:\windows\system32\drivers\atapi.sys

2010-03-14 23:04 . 2009-01-19 06:00 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-03-14 23:02 . 2009-10-04 02:55 117760 ----a-w- c:\documents and settings\Keiths\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-03-13 03:27 . 2009-01-18 03:24 1100 ----a-w- c:\windows\system32\d3d8caps.dat

2010-03-05 21:42 . 2007-01-29 04:50 -------- d-----w- c:\documents and settings\Keiths\Application Data\U3

2010-03-05 17:31 . 2010-03-05 17:30 933888 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

2010-03-01 19:49 . 2009-07-18 09:52 256 ----a-w- c:\windows\system32\pool.bin

2010-01-08 00:07 . 2009-01-18 04:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-08 00:07 . 2009-01-18 04:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-05 10:00 . 2006-07-19 00:48 832512 ------w- c:\windows\system32\wininet.dll

2010-01-05 10:00 . 2006-07-19 00:47 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-01-05 10:00 . 2006-07-19 00:46 17408 ----a-w- c:\windows\system32\corpol.dll

2009-12-31 16:50 . 2006-07-19 00:47 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-10-30 17:17 . 2009-10-30 17:17 0 ----a-w- c:\program files\FlickrUploadr-3.2.1-2009.06.02.01-en.exe

2009-10-18 01:36 . 2009-10-18 01:36 5521440 ----a-w- c:\program files\scam.exe

2009-09-20 01:02 . 2009-09-20 01:02 1084920 ----a-w- c:\program files\yahoomailuploader_0.5.exe

2007-12-24 17:19 . 2007-12-24 17:19 6856007 ----a-w- c:\program files\pmconverter.exe

.

<pre>
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Intel\Wireless\Bin\ifrmewrk .exe
c:\program files\Intel\Wireless\Bin\zcfgsvc .exe
c:\program files\Java\jre1.5.0_06\bin\jusched .exe
c:\program files\Protector Suite QL\launcher .exe
c:\program files\QuickTime\qttask .exe
c:\program files\TOSHIBA\TOSCDSPD\toscdspd .exe
c:\program files\TOSHIBA\Tvs\tvstray .exe
c:\program files\Windows Defender\msascui .exe
c:\windows\v0470mon .exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxpers .exe
c:\windows\system32\igfxtray .exe
c:\windows\system32\rundll32 .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2010-03-28 43008]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-28 43008]

"a0ab019a-bf96-4236-a06d-3379b377cb79_24"="c:\documents and settings\Keiths\Application Data\a0ab019a-bf96-4236-a06d-3379b377cb79_24.avi" [2010-03-05 958976]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\quicktime\qttask .exe -atboottime" [X]

"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2010-03-28 43008]

"TPSMain"="TPSMain.exe" [2010-03-28 43008]

"RTHDCPL"="RTHDCPL.EXE" [2006-08-23 16050688]

"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2010-03-28 43008]

"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2010-03-28 43008]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2010-03-28 43008]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2010-03-28 43008]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2010-03-28 43008]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2010-03-28 43008]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2010-03-28 43008]

"AGRSMMSG"="AGRSMMSG.exe" [2010-03-28 43008]

"V0470Mon.exe"="c:\windows\V0470Mon.exe" [2010-03-28 43008]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2010-03-28 43008]

"a0ab019a-bf96-4236-a06d-3379b377cb79_24"="c:\windows\system32\a0ab019a-bf96-4236-a06d-3379b377cb79_24.avi" [2010-03-05 958976]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2010-03-28 43008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

a0ab019a-bf96-4236-a06d-3379b377cb79_24.lnk - c:\windows\system32\rundll32.exe [2006-7-18 33280]

RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-7-19 155648]

ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Engine\ymetray.exe [2008-2-5 54512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2006-05-06 00:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-06-12 09:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]

2009-07-02 07:13 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

2007-04-04 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]

2007-05-02 17:30 151552 ------w- c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Software Update]

2007-01-04 22:18 481200 ------w- c:\program files\Creative\Shared Files\Software Update\AutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]

2006-11-17 09:42 53341 ------w- c:\program files\Creative\Shared Files\CTSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-28 17:45 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDWMon]

2006-04-26 00:57 299008 ----a-w- c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dr. Guard]

c:\program files\Dr. Guard\drguard.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]

2005-12-16 09:41 188416 ----a-w- c:\program files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]

2009-03-27 22:53 181544 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]

c:\program files\McAfee.com\Agent\mcagent.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI]

c:\progra~1\McAfee\MHN\McENUI.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]

2006-11-07 22:49 1121280 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]

2005-12-06 05:06 1077322 ----a-w- c:\program files\TOSHIBA\Touch and Launch\PadExe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2009-10-09 20:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

2006-05-16 10:04 2879488 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]

2005-04-26 23:13 122880 ----a-w- c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spywareguard]

c:\program files\Spyware Guard 2008\spywareguard.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2009-01-30 06:56 1830128 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2010-03-28 17:45 43008 ----a-w- c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2006-03-02 23:02 761948 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]

TFncKy.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]

2006-08-02 23:52 364544 ----a-w- c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOY5KNQ8OC]

c:\docume~1\keiths\locals~1\temp\iz1 .exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"mcupdmgr.exe"=3 (0x3)

"McTskshd.exe"=2 (0x2)

"McDetect.exe"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=

"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe

"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Palm\\HOTSYNC.EXE"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Java\\j2re1.4.2_19\\bin\\javaw.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/22/2008 12:06 PM 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 12:05 PM 55024]

R2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [5/18/2008 4:00 PM 108768]

R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5/5/2006 6:00 PM 13568]

R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5/5/2006 5:59 PM 33024]

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [3/27/2009 3:54 PM 165160]

R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/5/2006 5:33 PM 3456]

R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 11:50 AM 98816]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [6/1/2009 10:32 AM 23096]

S0 twIbpo;twIbpo;c:\windows\system32\drivers\cgtfmfkt.sys --> c:\windows\system32\drivers\cgtfmfkt.sys [?]

S2 gupdate1c9c0777e3036e0;Google Update Service (gupdate1c9c0777e3036e0);c:\program files\Google\Update\GoogleUpdate.exe [4/18/2009 3:46 PM 133104]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [5/18/2008 3:57 PM 1527900]

S3 IO_Memory;IO_Memory;\??\c:\sysprep\Drivers\ioport.sys --> c:\sysprep\Drivers\ioport.sys [?]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 12:06 PM 7408]

S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [6/1/2009 10:32 AM 245760]

S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [5/18/2008 3:58 PM 544768]

S3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\drivers\V0470Vid.sys [4/17/2009 3:35 PM 146368]

.

Contents of the 'Scheduled Tasks' folder

2010-03-28 c:\windows\Tasks\At1.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 17:46]

2010-03-28 c:\windows\Tasks\At10.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 17:46]

2010-03-28 c:\windows\Tasks\At11.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 17:46]

2010-03-28 c:\windows\Tasks\At12.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 17:46]

2010-03-28 c:\windows\Tasks\At13.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 17:46]

2010-03-28 c:\windows\Tasks\At14.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 17:46]

2010-03-28 c:\windows\Tasks\At15.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 17:46]

2010-03-28 c:\windows\Tasks\At16.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 17:46]

2010-03-28 c:\windows\Tasks\At17.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 17:46]

2010-03-28 c:\windows\Tasks\At18.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 17:46]

2010-03-28 c:\windows\Tasks\At19.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 17:46]

2010-03-28 c:\windows\Tasks\At2.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 17:46]

2010-03-28 c:\windows\Tasks\At20.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 17:46]

2010-03-28 c:\windows\Tasks\At21.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 17:46]

2010-03-28 c:\windows\Tasks\At22.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 17:46]

2010-03-28 c:\windows\Tasks\At23.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 17:46]

2010-03-28 c:\windows\Tasks\At24.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 17:46]

2010-03-28 c:\windows\Tasks\At3.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 17:46]

2010-03-28 c:\windows\Tasks\At4.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 17:46]

2010-03-28 c:\windows\Tasks\At5.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 17:46]

2010-03-28 c:\windows\Tasks\At6.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 17:46]

2010-03-28 c:\windows\Tasks\At7.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 17:46]

2010-03-28 c:\windows\Tasks\At8.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 17:46]

2010-03-28 c:\windows\Tasks\At9.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 17:46]

2010-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 22:45]

2010-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 22:45]

2010-03-28 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://my.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe

FF - ProfilePath - c:\documents and settings\Keiths\Application Data\Mozilla\Firefox\Profiles\ro0qk3ph.default\

FF - prefs.js: browser.startup.homepage - yahoo.com

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-28 10:44

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\system32\rundll32 .exe 33280 bytes executable

c:\windows\system32\igfxtray .exe 43008 bytes executable

scan completed successfully

hidden files: 2

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

@DACL=(02 0000)

@SACL=

@=""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\windows\system32\psqlpwd.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\Protector Suite QL\homefus2.dll

c:\windows\system32\biologon.dll

c:\program files\Protector Suite QL\homepass.dll

c:\program files\Protector Suite QL\bio.dll

c:\program files\Protector Suite QL\remote.dll

c:\program files\Protector Suite QL\crypto.dll

c:\program files\Protector Suite QL\biokmd.dll

c:\program files\Protector Suite QL\mysafe.dll

- - - - - - - > 'lsass.exe'(960)

c:\windows\system32\psqlpwd.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\Protector Suite QL\homefus2.dll

- - - - - - - > 'explorer.exe'(4044)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Protector Suite QL\mysafe.dll

c:\program files\Protector Suite QL\infra.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Intel\Wireless\Bin\WLKeeper.exe

c:\windows\system32\DVDRAMSV.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Photodex\ProShowGold\ScsiAccess.exe

c:\windows\system32\skeys.exe

c:\toshiba\IVP\swupdate\swupdtmr.exe

c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

c:\windows\system32\TODDSrv.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\TPSMain.exe

c:\windows\RTHDCPL.EXE

c:\program files\Protector Suite QL\psqltray.exe

.

**************************************************************************

.

Completion time: 2010-03-28 10:49:22 - machine was rebooted

ComboFix-quarantined-files.txt 2010-03-28 17:49

ComboFix2.txt 2010-03-28 16:46

ComboFix3.txt 2010-03-28 01:02

ComboFix4.txt 2010-03-27 21:55

Pre-Run: 39,734,165,504 bytes free

Post-Run: 39,688,261,632 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 6C00507A8333B26DF9038BD80BB66A2B

Malwarebytes' Anti-Malware 1.44

Database version: 3510

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

3/28/2010 1:33:24 PM

mbam-log-2010-03-28 (13-33-24).txt

Scan type: Quick Scan

Objects scanned: 143091

Time elapsed: 4 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Just to clarify, it's not a popup per se that appears; it's an Antimalware Defender warning associated with an IE "cannot access the internet" page. When I kill the process with Task Manager, it gives me an MS message stating you chose to close the unresponsive program, "run DLL as an APP".


Your PC is still very infected. Even Windows Defender has been compromised, and Intel\Wireless too. Let's use RenV again...

  • Close any open browsers.
  • Open Notepad by clicking Start
  • Click Run
  • Type notepad into the box and press Enter
  • Notepad will open
  • Copy and paste everything from the Code box into Notepad:

KILLALL::

RenV::
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Intel\Wireless\Bin\ifrmewrk .exe
c:\program files\Intel\Wireless\Bin\zcfgsvc .exe
c:\program files\Java\jre1.5.0_06\bin\jusched .exe
c:\program files\Protector Suite QL\launcher .exe
c:\program files\QuickTime\qttask .exe
c:\program files\TOSHIBA\TOSCDSPD\toscdspd .exe
c:\program files\TOSHIBA\Tvs\tvstray .exe
c:\program files\Windows Defender\msascui .exe
c:\windows\v0470mon .exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxpers .exe
c:\windows\system32\igfxtray .exe
c:\windows\system32\rundll32 .exe

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

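As an added example (not the thread's own instructions and not ComboFix code), the script below triages ComboFix-style log lines for the two things the RenV:: list above is built from: paths with a space before the extension ("igfxtray .exe"), and groups of differently named autostart executables that all carry one size and one modification date (43008 bytes, 2010-03-28 in the logs). The regexes and the size-cluster heuristic are this example's own assumptions; the sample lines are copied from the thread's log and no files are touched.

```python
import re
from collections import defaultdict

# Extensions the RenV:: list above covers, plus others an autostart entry may launch.
EXT = r"(?:exe|com|scr|pif|dll)"

# Pattern 1: a Windows path whose last component has a space right before ".<ext>".
SPACED_EXT_RE = re.compile(
    r'[a-z]:\\(?:[^\\\r\n\[\]"=]+\\)*[^\\\r\n\[\]"=]*? \.' + EXT + r"\b",
    re.IGNORECASE,
)
# "Reg Loading Points" style line:  "name"="<path>" [YYYY-MM-DD SIZE]
RUN_ENTRY_RE = re.compile(
    r'^"[^"]+"=\s*"?(?P<path>[^"\[\]\r\n]+?)"? \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]\s*$'
)
# Find3M / "Files Created" style line:  MODDATE HH:MM . CREATEDATE HH:MM SIZE ATTRS <path>
FILE_ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\d+) \S+ (?P<path>.+?)\s*$"
)
EXT_TAIL_RE = re.compile(r"\." + EXT + r"$", re.IGNORECASE)

# Constructed input: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
c:\windows\system32\rundll32 .exe 33280 bytes executable
c:\windows\system32\igfxtray .exe 43008 bytes executable
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2010-03-28 43008]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-28 43008]
"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TPSMain"="TPSMain.exe" [2010-03-28 43008]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-23 16050688]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2010-03-28 43008]
2010-03-28 06:01 . 2006-07-20 03:57 43008 ----a-w- c:\windows\system32\hkcmd .exe
2010-03-28 06:01 . 2006-07-20 00:27 43008 ----a-w- c:\windows\system32\tpsmain.exe
2010-01-07 23:07 . 2009-01-18 04:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
'''.strip().splitlines()


def spaced_extension_paths(lines):
    """Return every path of the form 'name .exe' found in the log, in log order."""
    found = []
    for line in lines:
        for m in SPACED_EXT_RE.finditer(line):
            found.append(m.group(0))
    return found


def file_entries(lines):
    """Yield (path, modification_date, size_in_bytes) for lines that carry both."""
    for line in lines:
        m = RUN_ENTRY_RE.match(line) or FILE_ENTRY_RE.match(line)
        if m:
            yield m["path"], m["date"], int(m["size"])


def size_clusters(lines, min_names=3):
    """Group executables by (modification date, size); keep groups of >= min_names names.

    Heuristic (this example's assumption): many unrelated autostart binaries
    sharing one size and one modification date is what the replaced files in
    the log above look like. Paths already caught by the spaced-extension
    pattern are left out, so the result lists the files sitting under clean names.
    """
    groups = defaultdict(set)
    for path, date, size in file_entries(lines):
        name = path.rsplit("\\", 1)[-1].lower()
        if not EXT_TAIL_RE.search(name) or SPACED_EXT_RE.search(path):
            continue
        groups[(date, size)].add(name)
    return {key: sorted(names) for key, names in groups.items() if len(names) >= min_names}


if __name__ == "__main__":
    for p in spaced_extension_paths(SAMPLE_LOG):
        print("spaced extension:", p)
    for (date, size), names in size_clusters(SAMPLE_LOG).items():
        print(f"{len(names)} executables of {size} bytes modified {date}:", ", ".join(names))
```

Run it against a saved ComboFix.txt by replacing SAMPLE_LOG with the file's lines; the two lists together give the candidates for a RenV:: section.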

latest combofix logs

ComboFix 10-03-28.01 - Keiths 03/28/2010 16:28:12.5.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1488 [GMT -7:00]

Running from: G:\ComboFix.exe

Command switches used :: G:\CFScript.txt

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Keiths\agrsmmsg .exe

c:\documents and settings\Keiths\rthdcpl .exe

c:\documents and settings\Keiths\rthdcpl.exe

c:\documents and settings\Keiths\tpsmain .exe

c:\program files\Internet Explorer\js.mui

c:\program files\Internet Explorer\wmpscfgs.exe

.

((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-28 )))))))))))))))))))))))))))))))

.

2010-03-27 21:10 . 2010-03-27 21:55 -------- d-----w- C:\Combo-Fix

2010-03-27 15:28 . 2006-09-19 16:26 72192 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\TASKLIST.EXE

2010-03-27 15:28 . 2006-09-19 16:26 72192 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\TASKKILL.EXE

2010-03-27 15:28 . 2006-09-19 16:26 40960 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\appstop.exe

2010-03-27 15:28 . 2006-09-19 16:26 325 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\stopApp.bat

2010-03-27 15:28 . 2006-09-19 16:26 1824884 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\master.exe

2010-03-27 15:28 . 2006-09-19 16:26 180224 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\U3AppWrapper.exe

2010-03-27 15:28 . 2006-09-19 16:26 15 ----a-w- c:\documents and settings\Keiths\Application Data\U3\000017E6CA611313\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\run_me.bat

2010-03-26 06:13 . 2010-03-26 06:13 4 ----a-w- c:\program files\3696421.dat

2010-03-26 05:11 . 2010-03-26 05:11 4 ----a-w- c:\program files\4367265.dat

2010-03-19 02:06 . 2010-03-19 02:06 43008 ----a-w- c:\documents and settings\Lisa\agrsmmsg.exe

2010-03-19 02:06 . 2010-03-19 02:06 43008 ----a-w- c:\documents and settings\Lisa\tpsmain.exe

2010-03-17 03:57 . 2010-03-17 03:57 -------- d-----w- c:\program files\CCleaner

2010-03-15 08:50 . 2010-03-15 08:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

2010-03-14 23:07 . 2010-03-14 23:07 -------- d-----w- c:\documents and settings\Keiths\Application Data\AVG8

2010-03-14 21:09 . 2010-03-28 23:28 -------- d-----w- c:\program files\Windows Defender

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2139046.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2118015.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117906.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117812.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117703.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117609.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117500.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117296.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117203.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2117093.dat

2010-03-14 17:02 . 2010-03-14 17:02 4 ----a-w- c:\program files\2116703.dat

2010-03-14 16:26 . 2010-03-14 16:26 4 ----a-w- c:\program files\4829375.dat

2010-03-13 23:53 . 2010-03-13 23:53 4 ----a-w- c:\program files\5974265.dat

2010-03-13 23:53 . 2010-03-13 23:53 4 ----a-w- c:\program files\5974046.dat

2010-03-13 23:53 . 2010-03-13 23:53 4 ----a-w- c:\program files\5973437.dat

2010-03-13 23:53 . 2010-03-13 23:53 4 ----a-w- c:\program files\5972984.dat

2010-03-13 00:35 . 2010-03-13 00:36 -------- d-----w- c:\documents and settings\Keith\Application Data\Malwarebytes

2010-03-13 00:28 . 2006-07-19 23:49 3774 ----a-r- c:\documents and settings\Keith\Application Data\Microsoft\Installer\{F21B28BF-8A4D-4F1A-A61B-69DD5B4A9BBA}\_644366bb.exe

2010-03-13 00:28 . 2006-09-29 07:19 35072 ----a-w- c:\documents and settings\Keith\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-13 00:28 . 2006-07-19 23:49 136 ----a-w- c:\documents and settings\Keith\Local Settings\Application Data\fusioncache.dat

2010-03-12 20:43 . 2010-03-12 20:43 4 ----a-w- c:\program files\4949765.dat

2010-03-12 18:35 . 2010-03-12 18:35 4 ----a-w- c:\program files\2564218.dat

2010-03-06 22:56 . 2010-03-06 22:56 -------- d-----w- c:\documents and settings\Lisa\Application Data\Malwarebytes

2010-03-06 09:33 . 2010-03-06 09:33 4 ----a-w- c:\program files\2065812.dat

2010-03-06 08:59 . 2010-03-06 08:59 4 ----a-w- c:\program files\3514593.dat

2010-03-06 03:04 . 2010-03-28 06:01 43008 ----a-w- c:\windows\system32\igfxtray.exe

2010-03-05 22:21 . 2010-03-05 22:21 696832 ----a-w- c:\windows\is-MP6M1.exe

2010-03-05 22:04 . 2010-03-05 22:04 -------- d-sh--w- c:\documents and settings\NetworkService\UserData

2010-03-05 18:32 . 2010-03-28 21:53 43008 ----a-w- c:\documents and settings\Keiths\agrsmmsg.exe

2010-03-05 18:32 . 2010-03-28 21:53 43008 ----a-w- c:\documents and settings\Keiths\tpsmain.exe

2010-03-05 17:32 . 2010-03-28 06:01 43008 ----a-w- c:\windows\system32\agrsmmsg.exe

2010-03-05 17:32 . 2010-03-27 21:35 43008 ----a-w- c:\windows\system32\alcmtr.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-28 21:53 . 2010-03-05 18:32 43008 ----a-w- c:\documents and settings\Keiths\agrsmmsg .exe

2010-03-28 21:53 . 2010-03-05 18:32 43008 ----a-w- c:\documents and settings\Keiths\tpsmain .exe

2010-03-28 21:19 . 2009-01-18 04:56 -------- d-----w- c:\program files\testy

2010-03-28 06:01 . 2009-04-17 22:35 43008 ----a-w- c:\windows\v0470mon .exe

2010-03-28 06:01 . 2006-07-20 03:57 43008 ----a-w- c:\windows\system32\hkcmd .exe

2010-03-28 06:01 . 2006-07-20 03:57 43008 ----a-w- c:\windows\system32\igfxpers .exe

2010-03-28 06:01 . 2010-03-06 03:04 43008 ----a-w- c:\windows\system32\igfxtray .exe

2010-03-28 06:01 . 2006-07-20 00:27 43008 ----a-w- c:\windows\system32\tpsmain.exe

2010-03-28 05:38 . 2010-03-05 17:30 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700.exe

2010-03-26 18:32 . 2009-01-17 20:27 -------- d-----w- c:\program files\fixer #2

2010-03-17 05:57 . 2006-07-20 02:50 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-03-17 05:14 . 2006-07-20 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-03-17 05:14 . 2006-07-20 01:54 -------- d-----w- c:\program files\McAfee

2010-03-16 07:06 . 2004-08-03 22:59 96512 ------w- c:\windows\system32\drivers\atapi.sys

2010-03-14 23:04 . 2009-01-19 06:00 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-03-14 23:02 . 2009-10-04 02:55 117760 ----a-w- c:\documents and settings\Keiths\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-03-13 03:27 . 2009-01-18 03:24 1100 ----a-w- c:\windows\system32\d3d8caps.dat

2010-03-05 21:42 . 2007-01-29 04:50 -------- d-----w- c:\documents and settings\Keiths\Application Data\U3

2010-03-05 17:31 . 2010-03-05 17:30 933888 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

2010-03-01 19:49 . 2009-07-18 09:52 256 ----a-w- c:\windows\system32\pool.bin

2010-01-07 23:07 . 2009-01-18 04:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 23:07 . 2009-01-18 04:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-05 10:00 . 2006-07-19 00:48 832512 ------w- c:\windows\system32\wininet.dll

2010-01-05 10:00 . 2006-07-19 00:47 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-01-05 10:00 . 2006-07-19 00:46 17408 ----a-w- c:\windows\system32\corpol.dll

2009-12-31 16:50 . 2006-07-19 00:47 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-10-30 17:17 . 2009-10-30 17:17 0 ----a-w- c:\program files\FlickrUploadr-3.2.1-2009.06.02.01-en.exe

2009-10-18 01:36 . 2009-10-18 01:36 5521440 ----a-w- c:\program files\scam.exe

2009-09-20 01:02 . 2009-09-20 01:02 1084920 ----a-w- c:\program files\yahoomailuploader_0.5.exe

2007-12-24 17:19 . 2007-12-24 17:19 6856007 ----a-w- c:\program files\pmconverter.exe

.

<pre>
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Intel\Wireless\Bin\ifrmewrk .exe
c:\program files\Intel\Wireless\Bin\zcfgsvc .exe
c:\program files\Java\jre1.5.0_06\bin\jusched .exe
c:\program files\Protector Suite QL\launcher .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\TOSHIBA\TOSCDSPD\toscdspd .exe
c:\program files\TOSHIBA\Tvs\tvstray .exe
c:\program files\Windows Defender\msascui .exe
c:\windows\v0470mon .exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxpers .exe
c:\windows\system32\igfxtray .exe
c:\windows\system32\rundll32 .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2010-03-28 43008]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-28 43008]

"a0ab019a-bf96-4236-a06d-3379b377cb79_24"="c:\documents and settings\Keiths\Application Data\a0ab019a-bf96-4236-a06d-3379b377cb79_24.avi" [2010-03-05 958976]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"dbf70700 .exe"="c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe" [2010-03-28 43008]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\quicktime\qttask .exe -atboottime" [X]

"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2010-03-28 43008]

"TPSMain"="TPSMain.exe" [2010-03-28 43008]

"RTHDCPL"="RTHDCPL.EXE" [2006-08-23 16050688]

"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2010-03-28 43008]

"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2010-03-28 43008]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2010-03-28 43008]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2010-03-28 43008]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2010-03-28 43008]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2010-03-28 43008]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2010-03-28 43008]

"AGRSMMSG"="AGRSMMSG.exe" [2010-03-28 43008]

"V0470Mon.exe"="c:\windows\V0470Mon.exe" [2010-03-28 43008]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2010-03-28 43008]

"a0ab019a-bf96-4236-a06d-3379b377cb79_24"="c:\windows\system32\a0ab019a-bf96-4236-a06d-3379b377cb79_24.avi" [2010-03-05 958976]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2010-03-28 43008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

a0ab019a-bf96-4236-a06d-3379b377cb79_24.lnk - c:\windows\system32\rundll32.exe [2006-7-18 33280]

RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-7-19 155648]

ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Engine\ymetray.exe [2008-2-5 54512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2006-05-06 00:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-06-12 09:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]

2009-07-02 07:13 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

2007-04-04 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]

2007-05-02 17:30 151552 ------w- c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Software Update]

2007-01-04 22:18 481200 ------w- c:\program files\Creative\Shared Files\Software Update\AutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]

2006-11-17 09:42 53341 ------w- c:\program files\Creative\Shared Files\CTSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-28 23:37 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

2010-03-14 15:09 43008 ----a-w- c:\documents and settings\Keiths\Application Data\449B00D7C1FAF11848268510AD4C3ACE\dbf70700 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbf70700 .exe]

c:\documents and settings\keiths\application data\449b00d7c1faf11848268510ad4c3ace\dbf70700 .exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDWMon]

2006-04-26 00:57 299008 ----a-w- c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dr. Guard]

c:\program files\Dr. Guard\drguard.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]

2005-12-16 09:41 188416 ----a-w- c:\program files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]

2009-03-27 22:53 181544 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]

c:\program files\McAfee.com\Agent\mcagent.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI]

c:\progra~1\McAfee\MHN\McENUI.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]

2006-11-07 22:49 1121280 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]

2005-12-06 05:06 1077322 ----a-w- c:\program files\TOSHIBA\Touch and Launch\PadExe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2009-10-09 20:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

2006-05-16 10:04 2879488 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]

2005-04-26 23:13 122880 ----a-w- c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spywareguard]

c:\program files\Spyware Guard 2008\spywareguard.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2009-01-30 06:56 1830128 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2010-03-28 23:37 43008 ----a-w- c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2006-03-02 23:02 761948 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]

TFncKy.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]

2006-08-02 23:52 364544 ----a-w- c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOY5KNQ8OC]

c:\docume~1\keiths\locals~1\temp\iz1 .exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"mcupdmgr.exe"=3 (0x3)

"McTskshd.exe"=2 (0x2)

"McDetect.exe"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=

"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe

"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Palm\\HOTSYNC.EXE"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Java\\j2re1.4.2_19\\bin\\javaw.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/22/2008 12:06 PM 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 12:05 PM 55024]

R2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [5/18/2008 4:00 PM 108768]

R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5/5/2006 6:00 PM 13568]

R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5/5/2006 5:59 PM 33024]

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [3/27/2009 3:54 PM 165160]

R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/5/2006 5:33 PM 3456]

R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 11:50 AM 98816]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [6/1/2009 10:32 AM 23096]

S0 twIbpo;twIbpo;c:\windows\system32\drivers\cgtfmfkt.sys --> c:\windows\system32\drivers\cgtfmfkt.sys [?]

S2 gupdate1c9c0777e3036e0;Google Update Service (gupdate1c9c0777e3036e0);c:\program files\Google\Update\GoogleUpdate.exe [4/18/2009 3:46 PM 133104]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [5/18/2008 3:57 PM 1527900]

S3 IO_Memory;IO_Memory;\??\c:\sysprep\Drivers\ioport.sys --> c:\sysprep\Drivers\ioport.sys [?]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 12:06 PM 7408]

S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [6/1/2009 10:32 AM 245760]

S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [5/18/2008 3:58 PM 544768]

S3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\drivers\V0470Vid.sys [4/17/2009 3:35 PM 146368]

.

Contents of the 'Scheduled Tasks' folder

2010-03-28 c:\windows\Tasks\At1.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 23:37]

2010-03-28 c:\windows\Tasks\At10.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 23:37]

2010-03-28 c:\windows\Tasks\At11.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 23:37]

2010-03-28 c:\windows\Tasks\At12.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 23:37]

2010-03-28 c:\windows\Tasks\At13.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 23:37]

2010-03-28 c:\windows\Tasks\At14.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 23:37]

2010-03-28 c:\windows\Tasks\At15.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 23:37]

2010-03-28 c:\windows\Tasks\At16.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 23:37]

2010-03-28 c:\windows\Tasks\At17.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 23:37]

2010-03-28 c:\windows\Tasks\At18.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 23:37]

2010-03-28 c:\windows\Tasks\At19.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 23:37]

2010-03-28 c:\windows\Tasks\At2.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 23:37]

2010-03-28 c:\windows\Tasks\At20.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 23:37]

2010-03-28 c:\windows\Tasks\At21.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 23:37]

2010-03-28 c:\windows\Tasks\At22.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 23:37]

2010-03-28 c:\windows\Tasks\At23.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 23:37]

2010-03-28 c:\windows\Tasks\At24.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 23:37]

2010-03-28 c:\windows\Tasks\At3.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 23:37]

2010-03-28 c:\windows\Tasks\At4.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 23:37]

2010-03-28 c:\windows\Tasks\At5.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 23:37]

2010-03-28 c:\windows\Tasks\At6.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 23:37]

2010-03-28 c:\windows\Tasks\At7.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 23:37]

2010-03-28 c:\windows\Tasks\At8.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 23:37]

2010-03-28 c:\windows\Tasks\At9.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-28 23:37]

2010-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 22:45]

2010-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 22:45]

2010-03-28 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://my.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe

FF - ProfilePath - c:\documents and settings\Keiths\Application Data\Mozilla\Firefox\Profiles\ro0qk3ph.default\

FF - prefs.js: browser.startup.homepage - yahoo.com

FF - plugin: c:\documents and settings\Keiths\Application Data\Mozilla\plugins\npPxPlay.dll

FF - plugin: c:\program files\GameTap\bin\Release\npgametaptool.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-28 16:36

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\system32\rundll32 .exe 33280 bytes executable

c:\windows\system32\igfxtray .exe 43008 bytes executable

scan completed successfully

hidden files: 2

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

@DACL=(02 0000)

@SACL=

@=""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(908)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\windows\system32\psqlpwd.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\Protector Suite QL\homefus2.dll

c:\windows\system32\biologon.dll

c:\program files\Protector Suite QL\homepass.dll

c:\program files\Protector Suite QL\bio.dll

c:\program files\Protector Suite QL\remote.dll

c:\program files\Protector Suite QL\crypto.dll

c:\program files\Protector Suite QL\biokmd.dll

c:\program files\Protector Suite QL\mysafe.dll

- - - - - - - > 'lsass.exe'(964)

c:\windows\system32\psqlpwd.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\Protector Suite QL\homefus2.dll

- - - - - - - > 'explorer.exe'(512)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Protector Suite QL\mysafe.dll

c:\program files\Protector Suite QL\infra.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Intel\Wireless\Bin\WLKeeper.exe

c:\windows\system32\DVDRAMSV.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Photodex\ProShowGold\ScsiAccess.exe

c:\windows\system32\skeys.exe

c:\toshiba\IVP\swupdate\swupdtmr.exe

c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

c:\windows\system32\TODDSrv.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\TPSMain.exe

c:\windows\RTHDCPL.EXE

c:\program files\Protector Suite QL\psqltray.exe

.

**************************************************************************

.

Completion time: 2010-03-28 16:41:05 - machine was rebooted

ComboFix-quarantined-files.txt 2010-03-28 23:41

ComboFix2.txt 2010-03-28 17:49

ComboFix3.txt 2010-03-28 16:46

ComboFix4.txt 2010-03-28 01:02

ComboFix5.txt 2010-03-28 23:26

Pre-Run: 39,617,064,960 bytes free

Post-Run: 39,568,244,736 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - EBCB1472E1C57A30F6BDED27CC320E5F
