Hey is this okay or is it bad?

I put a pw in the login and I do use a psp and downloaded media manager myself.

Here's the log:


Microsoft Windows XP Professional 5.1.2600.3.949.82.1033.18.1014.567 [GMT -8:00]
Running from: c:\documents and settings\JosephK\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\JosephK\Desktop\CFscript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-01-28 to 2009-02-28 )))))))))))))))))))))))))))))))
.

2009-02-27 16:45 . 2009-02-27 16:45 d-------- C:\_OTMoveIt
2009-02-27 16:07 . 2009-02-27 16:10 d-------- C:\windows(1)
2009-02-27 15:58 . 2009-02-27 15:59 d-------- C:\cf
2009-02-27 15:51 . 2004-08-10 04:00 15,872 --a--c--- c:\windows\system32\dllcache\cdmodem.dll
2009-02-27 15:51 . 2004-08-10 04:00 15,872 --a------ c:\windows\system32\cdmodem.dll
2009-02-27 15:43 . 2009-02-27 15:57 d-------- C:\ComboFix
2009-02-14 16:03 . 2009-02-14 16:03 d-------- c:\documents and settings\JosephK\Application Data\Red Kawa

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-28 00:33 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-28 00:27 --------- d-----w c:\documents and settings\JosephK\Application Data\toshiba
2009-02-27 23:39 --------- d-----w c:\program files\ESTsoft
2009-02-27 23:39 --------- d-----w c:\documents and settings\JosephK\Application Data\EstSoft
2009-02-26 00:27 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-25 09:31 --------- d-----w c:\program files\Google
2009-02-11 18:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 18:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-07 22:45 --------- d-----w c:\documents and settings\JosephK\Application Data\Move Networks
2009-02-05 04:03 --------- d-----w c:\documents and settings\JosephK\Application Data\Intel
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-11-28 20:42 507,904 ----a-w c:\windows\system32\winlogon.exe
2008-11-28 20:42 295,424 ----a-w c:\windows\system32\termsrv.dll
2008-08-31 23:56 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008083120080901\index.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\winlogon.exe -- Not a PE file.
MD5: 3969440ba384d35317dbbdeeaae641ce

---- Directory of c:\documents and settings\JosephK\Application Data\Red Kawa ----

2009-02-20 21:30 1328 --a------ c:\documents and settings\JosephK\Application Data\Red Kawa\VideoConverterApp\Settings\Program.xml
2009-02-14 16:06 16912 --a------ c:\documents and settings\JosephK\Application Data\Red Kawa\VideoConverterApp\Profiles\PSP.xml
2009-02-14 16:03 253 --a------ c:\documents and settings\JosephK\Application Data\Red Kawa\VideoConverterApp\Settings\Device.xml


------- Sigcheck -------

2004-08-10 04:00 502272 01c3346c241652f43aed8e2149881bfe c:\windows\$NtServicePackUninstall$\winlogon.exe
2008-11-28 12:42 507904 3969440ba384d35317dbbdeeaae641ce c:\windows\system32\winlogon.exe

2005-03-09 23:49 295424 c29a5286e64d97385178452d5f307b98 c:\windows\$NtServicePackUninstall$\termsrv.dll
2004-08-10 04:00 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\$NtUninstallKB895961$\termsrv.dll
2008-11-28 12:42 295424 63999d0abd8dabfd76a9c07f6e104868 c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((( snapshot_2009-02-24_23.25.37.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-17 19:04:34 8,461,824 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll
+ 2005-10-21 04:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
+ 2009-02-27 23:30:15 64,512 ----a-w c:\windows\system32\config\systemprofile\Application Data\Macromedia\Common\c57d80381.dll
+ 2004-08-10 12:00:00 14,848 -c--a-w c:\windows\system32\dllcache\msidntld.dll
+ 2008-06-17 19:02:19 8,461,312 -c----w c:\windows\system32\dllcache\shell32.dll
+ 2004-08-10 12:00:00 19,200 -c--a-w c:\windows\system32\dllcache\tapi.dll
+ 2004-08-10 12:00:00 5,632 -c--a-w c:\windows\system32\dllcache\tapiperf.dll
+ 2004-08-10 12:00:00 32,256 -c--a-w c:\windows\system32\dllcache\wupdmgr.exe
- 2008-04-14 00:12:05 8,461,312 ----a-w c:\windows\system32\shell32.dll
+ 2008-06-17 19:02:19 8,461,312 ----a-w c:\windows\system32\shell32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Google Update"="c:\documents and settings\JosephK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-21 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-02-20 1589248]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-03 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-03 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-03 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29 c:\windows\system32\CHDAudPropShortcut.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-03-02 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"= 77646d6175642e647276
"midi1"= 77646d6175642e647276
"mixer1"= 77646d6175642e647276
"aux1"= 77646d6175642e647276
"midi2"= 77646d6175642e647276
"wave2"= 77646d6175642e647276
"aux2"= 77646d6175642e647276
"mixer2"= 77646d6175642e647276

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1141344126\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\skcbgm.exe"=
"c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=
"c:\\Program Files\\Toshiba\\ConfigFree\\CFSServ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]
S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1945572122-4240672115-730656245-1005.job
- c:\documents and settings\JosephK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-21 16:43]
.
.
------- Supplementary Scan -------
.
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\JosephK\Application Data\Mozilla\Firefox\Profiles\jry7th0g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-flv&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-flv&p=
FF - plugin: c:\documents and settings\JosephK\Application Data\Mozilla\Firefox\Profiles\jry7th0g.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\JosephK\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCMListControl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npcyworld.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npigl.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 17:24:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1945572122-4240672115-730656245-1005\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"FRT"="3g/LtL8vhhZV6hrwIDe2cdVtSM4IHoAZswMLGgxce1jHIb9Uu+kZpQ=="
"PLCK"="Fr0/nD6TnaSVn4Qpft5LDBPceYSkjdRT"
"Percents"="0 0.0647 0.1836 0.5575 0.8032 0.8864 0.889 "
"Increment"=".005464"
"PHSH"=""
.
Completion time: 2009-02-27 17:26:23
ComboFix-quarantined-files.txt 2009-02-28 01:26:21
ComboFix2.txt 2009-02-28 01:06:55
ComboFix3.txt 2009-02-26 23:30:46
ComboFix4.txt 2009-02-25 08:05:36
ComboFix5.txt 2009-02-28 01:23:29

Pre-Run: 84,712,800,256 bytes free
Post-Run: 84,700,917,760 bytes free

191 --- E O F --- 2009-02-25 23:25:10

Sorry about the double post.

Here's the log:

Microsoft Windows XP Professional 5.1.2600.3.949.82.1033.18.1014.567 [GMT -8:00]
Running from: c:\documents and settings\JosephK\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\JosephK\Desktop\CFscript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-01-28 to 2009-02-28 )))))))))))))))))))))))))))))))
.

2009-02-27 16:45 . 2009-02-27 16:45 d-------- C:\_OTMoveIt
2009-02-27 16:07 . 2009-02-27 16:10 d-------- C:\windows(1)
2009-02-27 15:58 . 2009-02-27 15:59 d-------- C:\cf
2009-02-27 15:51 . 2004-08-10 04:00 15,872 --a--c--- c:\windows\system32\dllcache\cdmodem.dll
2009-02-27 15:51 . 2004-08-10 04:00 15,872 --a------ c:\windows\system32\cdmodem.dll
2009-02-27 15:43 . 2009-02-27 15:57 d-------- C:\ComboFix
2009-02-14 16:03 . 2009-02-14 16:03 d-------- c:\documents and settings\JosephK\Application Data\Red Kawa

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-28 00:33 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-28 00:27 --------- d-----w c:\documents and settings\JosephK\Application Data\toshiba
2009-02-27 23:39 --------- d-----w c:\program files\ESTsoft
2009-02-27 23:39 --------- d-----w c:\documents and settings\JosephK\Application Data\EstSoft
2009-02-26 00:27 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-25 09:31 --------- d-----w c:\program files\Google
2009-02-11 18:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 18:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-07 22:45 --------- d-----w c:\documents and settings\JosephK\Application Data\Move Networks
2009-02-05 04:03 --------- d-----w c:\documents and settings\JosephK\Application Data\Intel
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-11-28 20:42 507,904 ----a-w c:\windows\system32\winlogon.exe
2008-11-28 20:42 295,424 ----a-w c:\windows\system32\termsrv.dll
2008-08-31 23:56 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008083120080901\index.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\winlogon.exe -- Not a PE file.
MD5: 3969440ba384d35317dbbdeeaae641ce

---- Directory of c:\documents and settings\JosephK\Application Data\Red Kawa ----

2009-02-20 21:30 1328 --a------ c:\documents and settings\JosephK\Application Data\Red Kawa\VideoConverterApp\Settings\Program.xml
2009-02-14 16:06 16912 --a------ c:\documents and settings\JosephK\Application Data\Red Kawa\VideoConverterApp\Profiles\PSP.xml
2009-02-14 16:03 253 --a------ c:\documents and settings\JosephK\Application Data\Red Kawa\VideoConverterApp\Settings\Device.xml


------- Sigcheck -------

2004-08-10 04:00 502272 01c3346c241652f43aed8e2149881bfe c:\windows\$NtServicePackUninstall$\winlogon.exe
2008-11-28 12:42 507904 3969440ba384d35317dbbdeeaae641ce c:\windows\system32\winlogon.exe

2005-03-09 23:49 295424 c29a5286e64d97385178452d5f307b98 c:\windows\$NtServicePackUninstall$\termsrv.dll
2004-08-10 04:00 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\$NtUninstallKB895961$\termsrv.dll
2008-11-28 12:42 295424 63999d0abd8dabfd76a9c07f6e104868 c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((( snapshot_2009-02-24_23.25.37.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-17 19:04:34 8,461,824 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll
+ 2005-10-21 04:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
+ 2009-02-27 23:30:15 64,512 ----a-w c:\windows\system32\config\systemprofile\Application Data\Macromedia\Common\c57d80381.dll
+ 2004-08-10 12:00:00 14,848 -c--a-w c:\windows\system32\dllcache\msidntld.dll
+ 2008-06-17 19:02:19 8,461,312 -c----w c:\windows\system32\dllcache\shell32.dll
+ 2004-08-10 12:00:00 19,200 -c--a-w c:\windows\system32\dllcache\tapi.dll
+ 2004-08-10 12:00:00 5,632 -c--a-w c:\windows\system32\dllcache\tapiperf.dll
+ 2004-08-10 12:00:00 32,256 -c--a-w c:\windows\system32\dllcache\wupdmgr.exe
- 2008-04-14 00:12:05 8,461,312 ----a-w c:\windows\system32\shell32.dll
+ 2008-06-17 19:02:19 8,461,312 ----a-w c:\windows\system32\shell32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Google Update"="c:\documents and settings\JosephK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-21 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-02-20 1589248]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-03 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-03 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-03 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29 c:\windows\system32\CHDAudPropShortcut.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-03-02 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"= 77646d6175642e647276
"midi1"= 77646d6175642e647276
"mixer1"= 77646d6175642e647276
"aux1"= 77646d6175642e647276
"midi2"= 77646d6175642e647276
"wave2"= 77646d6175642e647276
"aux2"= 77646d6175642e647276
"mixer2"= 77646d6175642e647276

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1141344126\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\skcbgm.exe"=
"c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=
"c:\\Program Files\\Toshiba\\ConfigFree\\CFSServ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]
S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1945572122-4240672115-730656245-1005.job
- c:\documents and settings\JosephK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-21 16:43]
.
.
------- Supplementary Scan -------
.
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\JosephK\Application Data\Mozilla\Firefox\Profiles\jry7th0g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-flv&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-flv&p=
FF - plugin: c:\documents and settings\JosephK\Application Data\Mozilla\Firefox\Profiles\jry7th0g.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\JosephK\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCMListControl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npcyworld.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npigl.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 17:24:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1945572122-4240672115-730656245-1005\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"FRT"="3g/LtL8vhhZV6hrwIDe2cdVtSM4IHoAZswMLGgxce1jHIb9Uu+kZpQ=="
"PLCK"="Fr0/nD6TnaSVn4Qpft5LDBPceYSkjdRT"
"Percents"="0 0.0647 0.1836 0.5575 0.8032 0.8864 0.889 "
"Increment"=".005464"
"PHSH"=""
.
Completion time: 2009-02-27 17:26:23
ComboFix-quarantined-files.txt 2009-02-28 01:26:21
ComboFix2.txt 2009-02-28 01:06:55
ComboFix3.txt 2009-02-26 23:30:46
ComboFix4.txt 2009-02-25 08:05:36
ComboFix5.txt 2009-02-28 01:23:29

Pre-Run: 84,712,800,256 bytes free
Post-Run: 84,700,917,760 bytes free

191 --- E O F --- 2009-02-25 23:25:10

Hello.
It didn't get deleted, it's there. Just refresh once you have posted the log.
Some weird values keep returning, but I think it's safe to say they aren't malicious, just random numbers. One more round to delete a malicious file and I think we can say this is a wrap.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
c:\windows\system32\config\systemprofile\Application Data\Macromedia\Common\c57d80381.dll

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"="wdmaud.drv"
"midi1"="wdmaud.drv"
"mixer1"="wdmaud.drv"
"aux1"="wdmaud.drv"
"midi2"="wdmaud.drv"
"wave2"="wdmaud.drv"
"aux2"="wdmaud.drv"
"mixer2"="wdmaud.drv"

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again, agree to it's terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.

ComboFix 09-02-27.02 - JosephK 2009-02-27 17:43:33.32 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.949.82.1033.18.1014.487 [GMT -8:00]
Running from: c:\documents and settings\JosephK\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\JosephK\Desktop\CFscript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\config\systemprofile\Application Data\Macromedia\Common\c57d80381.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\config\systemprofile\Application Data\Macromedia\Common\c57d80381.dll

.
((((((((((((((((((((((((( Files Created from 2009-01-28 to 2009-02-28 )))))))))))))))))))))))))))))))
.

2009-02-27 16:45 . 2009-02-27 16:45 d-------- C:\_OTMoveIt
2009-02-27 16:07 . 2009-02-27 16:10 d-------- C:\windows(1)
2009-02-27 15:58 . 2009-02-27 15:59 d-------- C:\cf
2009-02-27 15:51 . 2004-08-10 04:00 15,872 --a--c--- c:\windows\system32\dllcache\cdmodem.dll
2009-02-27 15:51 . 2004-08-10 04:00 15,872 --a------ c:\windows\system32\cdmodem.dll
2009-02-27 15:43 . 2009-02-27 15:57 d-------- C:\ComboFix
2009-02-14 16:03 . 2009-02-14 16:03 d-------- c:\documents and settings\JosephK\Application Data\Red Kawa

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-28 00:33 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-28 00:27 --------- d-----w c:\documents and settings\JosephK\Application Data\toshiba
2009-02-27 23:39 --------- d-----w c:\program files\ESTsoft
2009-02-27 23:39 --------- d-----w c:\documents and settings\JosephK\Application Data\EstSoft
2009-02-26 00:27 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-25 09:31 --------- d-----w c:\program files\Google
2009-02-11 18:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 18:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-07 22:45 --------- d-----w c:\documents and settings\JosephK\Application Data\Move Networks
2009-02-05 04:03 --------- d-----w c:\documents and settings\JosephK\Application Data\Intel
2008-08-31 23:56 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008083120080901\index.dat
.

------- Sigcheck -------

2004-08-10 04:00 502272 01c3346c241652f43aed8e2149881bfe c:\windows\$NtServicePackUninstall$\winlogon.exe
2008-11-28 12:42 507904 3969440ba384d35317dbbdeeaae641ce c:\windows\system32\winlogon.exe

2005-03-09 23:49 295424 c29a5286e64d97385178452d5f307b98 c:\windows\$NtServicePackUninstall$\termsrv.dll
2004-08-10 04:00 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\$NtUninstallKB895961$\termsrv.dll
2008-11-28 12:42 295424 63999d0abd8dabfd76a9c07f6e104868 c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((( snapshot_2009-02-24_23.25.37.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-17 19:04:34 8,461,824 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll
+ 2005-10-21 04:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
+ 2004-08-10 12:00:00 14,848 -c--a-w c:\windows\system32\dllcache\msidntld.dll
+ 2008-06-17 19:02:19 8,461,312 -c----w c:\windows\system32\dllcache\shell32.dll
+ 2004-08-10 12:00:00 19,200 -c--a-w c:\windows\system32\dllcache\tapi.dll
+ 2004-08-10 12:00:00 5,632 -c--a-w c:\windows\system32\dllcache\tapiperf.dll
+ 2004-08-10 12:00:00 32,256 -c--a-w c:\windows\system32\dllcache\wupdmgr.exe
- 2008-04-14 00:12:05 8,461,312 ----a-w c:\windows\system32\shell32.dll
+ 2008-06-17 19:02:19 8,461,312 ----a-w c:\windows\system32\shell32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Google Update"="c:\documents and settings\JosephK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-21 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-02-20 1589248]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-03 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-03 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-03 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29 c:\windows\system32\CHDAudPropShortcut.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-03-02 155648]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1141344126\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\skcbgm.exe"=
"c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=
"c:\\Program Files\\Toshiba\\ConfigFree\\CFSServ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]
S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1945572122-4240672115-730656245-1005.job
- c:\documents and settings\JosephK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-21 16:43]
.
.
------- Supplementary Scan -------
.
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\JosephK\Application Data\Mozilla\Firefox\Profiles\jry7th0g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-flv&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-flv&p=
FF - plugin: c:\documents and settings\JosephK\Application Data\Mozilla\Firefox\Profiles\jry7th0g.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\JosephK\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCMListControl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npcyworld.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npigl.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 17:46:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1945572122-4240672115-730656245-1005\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"FRT"="3g/LtL8vhhZV6hrwIDe2cdVtSM4IHoAZswMLGgxce1jHIb9Uu+kZpQ=="
"PLCK"="Fr0/nD6TnaSVn4Qpft5LDBPceYSkjdRT"
"Percents"="0 0.0647 0.1836 0.5575 0.8032 0.8864 0.889 "
"Increment"=".005464"
"PHSH"=""
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\ehRec.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\ehome\ehRec.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\conime.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\igfxext.exe
c:\windows\ehome\ehRec.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\ehome\ehRec.exe
.
**************************************************************************
.
Completion time: 2009-02-27 17:49:41 - machine was rebooted [JosephK]
ComboFix-quarantined-files.txt 2009-02-28 01:49:38
ComboFix2.txt 2009-02-28 01:26:24
ComboFix3.txt 2009-02-28 01:06:55
ComboFix4.txt 2009-02-26 23:30:46
ComboFix5.txt 2009-02-28 01:42:23

Pre-Run: 84,681,449,472 bytes free
Post-Run: 84,670,099,456 bytes free

203 --- E O F --- 2009-02-25 23:25:10


Is it okay?

Yep, looks fine to me now.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

Now lets install a new AV (Avira)

1) Antivir PersonalEditionClassic
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition
-Anti-virus program for Windows.
-The home edition is freeware for noncommercial user.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

Let me know how the machine is running now.

It's working normally. I guess it wraps it up then. Thank you for the help and have a nice day.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.