
[InActive] Virus-scan 2009 / Download Registry defender

Discussion in 'Malware and Virus Removal Archive' started by Gsere875, 2008/11/27.

  1. 2008/11/27
    Gsere875 (Inactive, Thread Starter; joined 2008/11/26; 20 messages; 0 likes received)
    Hello. While my Explorer browser is open and I am relocating to a new website, an additional browser window will open with a random topic in it. Some sites have been automated-search, virus-scan2009, and Download Registry Defender. Sometimes it will even open the browser when Internet Explorer is just open.
    When the virus-scan 2009 page pops up, it asks if it can scan my computer because it may be harmed. It does not look legit and I exit out of the browser ASAP.
    Can someone please help?
    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Garrett at 2008-11-27 01:19:36
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 174 GB (75%) free of 234 GB
    Total RAM: 1022 MB (33% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:19:40 AM, on 27/11/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LxrSII1s.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\ehome\RMSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Dell AIO 810\dlcgmon.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\Tech\Office Program Selector\2.0\ACROMAPP.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\dlcgcoms.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\WINDOWS\ehome\RMSysTry.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Garrett\Desktop\RSIT.exe
    C:\Documents and Settings\Garrett\Desktop\HiJackThis\Garrett.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0061005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0061005
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0061005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {58bed89f-022c-4103-94b9-927d6fbd7b7c} - C:\WINDOWS\system32\rezizafo.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [ACROMOUSE] C:\Program Files\Tech\Office Program Selector\2.0\ACROMAPP.exe
    O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [vuvetodoza] Rundll32.exe "C:\WINDOWS\system32\pajafiba.dll",s
    O4 - HKLM\..\Run: [64e5b56c] rundll32.exe "C:\WINDOWS\system32\pafigewi.dll",b
    O4 - HKLM\..\Run: [CPM67d686f0] Rundll32.exe "c:\windows\system32\hudijire.dll",a
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [vuvetodoza] Rundll32.exe "C:\WINDOWS\system32\pajafiba.dll",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [vuvetodoza] Rundll32.exe "C:\WINDOWS\system32\pajafiba.dll",s (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by131fd.bay131.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\sihivubo.dll c:\windows\system32\hudijire.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hudijire.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hudijire.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: dkab_device - Dell - C:\WINDOWS\system32\DKabcoms.exe
    O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 11628 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\Disk Cleanup.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58bed89f-022c-4103-94b9-927d6fbd7b7c}]
    C:\WINDOWS\system32\rezizafo.dll [2008-08-26 62976]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2008-08-08 2403392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
    CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-08-30 94208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2008-08-08 2403392]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]
    "SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-02-10 282624]
    "DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
    "ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
    "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
    "DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
    "dlcgmon.exe"=C:\Program Files\Dell AIO 810\dlcgmon.exe [2005-10-21 425984]
    "REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
    "snpstd"=C:\WINDOWS\vsnpstd.exe [2005-10-11 339968]
    "ACROMOUSE"=C:\Program Files\Tech\Office Program Selector\2.0\ACROMAPP.exe [2005-04-28 554496]
    "Zune Launcher"=C:\Program Files\Zune\ZuneLauncher.exe [2007-03-14 24104]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
    "MMTray"=C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [2005-05-09 135168]
    "mmtask"=C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe [2005-05-09 53248]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
    "vuvetodoza"=C:\WINDOWS\system32\pajafiba.dll [2008-08-26 62976]
    "64e5b56c"=C:\WINDOWS\system32\pafigewi.dll [2008-11-26 86580]
    "CPM67d686f0"=c:\windows\system32\hudijire.dll [2008-11-26 93748]
    "MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2006-11-07 1121280]
    "egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-03-13 1443072]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"=C:\Program Files\Dell Support\DSAgnt.exe [2006-07-16 389120]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
    "updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
    "Active Desktop Calendar"=C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe []
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe
    Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe

    C:\Documents and Settings\Garrett\Start Menu\Programs\Startup
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\WINDOWS\system32\sihivubo.dll c:\windows\system32\hudijire.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
    SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hudijire.dll [2008-11-26 93748]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
    STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hudijire.dll [2008-11-26 93748]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages"=scecli
    C:\WINDOWS\system32\sihivubo.dll

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=157

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Documents and Settings\Garrett\My Documents\Temp\LimeWire\LimeWire.exe"="C:\Documents and Settings\Garrett\My Documents\Temp\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\WINDOWS\system32\DKabcoms.exe"="C:\WINDOWS\system32\DKabcoms.exe:*:Enabled:Dell Enhanced TCP/IP"
    "C:\WINDOWS\ehome\ehshell.exe"="C:\WINDOWS\ehome\ehshell.exe:LocalSubNet:Enabled:Media Center"
    "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
    "C:\Program Files\SecondLife\SLVoice.exe"="C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
    "C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
    "C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    shell\AutoRun\command - E:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61736a2d-599f-11db-a9ca-806d6172696f}]
    shell\AutoRun\command - D:\Autorun.exe


    ======List of files/folders created in the last 3 months======

    2008-11-27 01:16:56 ----D---- C:\rsit
    2008-11-26 23:24:01 ----D---- C:\WINDOWS\LastGood
    2008-11-26 23:23:36 ----D---- C:\Program Files\ESET
    2008-11-26 23:23:36 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
    2008-11-26 15:23:08 ----SH---- C:\WINDOWS\system32\iwegifap.ini
    2008-11-26 15:17:35 ----A---- C:\WINDOWS\system32\~.exe
    2008-11-13 00:45:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2008-11-13 00:43:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2008-11-13 00:43:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
    2008-11-13 00:43:04 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2008-11-11 14:45:53 ----D---- C:\WINDOWS\Prefetch
    2008-11-11 12:40:36 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-11-11 12:40:25 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-11-11 12:40:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-11-11 12:40:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-11-11 12:39:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-11-11 12:39:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-11-11 12:39:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-11-11 12:39:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-11-11 12:39:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-11-11 12:38:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-11-11 12:38:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
    2008-11-11 12:38:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-11-11 12:38:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-11-11 12:38:02 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-11-11 12:37:50 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-11-11 12:37:38 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-11-11 12:32:23 ----D---- C:\WINDOWS\system32\scripting
    2008-11-11 12:32:22 ----D---- C:\WINDOWS\l2schemas
    2008-11-11 12:32:21 ----D---- C:\WINDOWS\system32\en
    2008-11-11 12:32:21 ----D---- C:\WINDOWS\system32\bits
    2008-11-11 12:28:43 ----D---- C:\WINDOWS\ServicePackFiles
    2008-11-11 12:20:11 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2008-10-29 12:30:04 ----D---- C:\Program Files\iPod
    2008-10-29 12:30:02 ----D---- C:\Program Files\iTunes
    2008-10-29 12:30:02 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-23 23:06:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
    2008-10-23 17:31:47 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
    2008-10-14 16:08:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
    2008-10-14 16:07:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-14 16:07:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
    2008-10-14 16:07:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
    2008-10-14 16:06:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
    2008-09-30 18:56:42 ----D---- C:\Documents and Settings\Garrett\Application Data\Musicmatch
    2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
    2008-09-19 11:03:11 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-09-19 11:01:40 ----D---- C:\kpk_excel_macros
    2008-09-16 17:49:23 ----A---- C:\WINDOWS\system32\cdintf251.dll
    2008-09-16 17:49:16 ----D---- C:\WINDOWS\Downloaded Installations
    2008-09-16 17:49:14 ----D---- C:\Documents and Settings\Garrett\Application Data\GreenPoint
    2008-09-16 17:49:05 ----D---- C:\Documents and Settings\All Users\Application Data\GreenPoint
    2008-09-16 17:46:31 ----D---- C:\Program Files\ProFile
    2008-09-16 16:04:43 ----D---- C:\Program Files\FITACCTP
    2008-09-16 12:46:05 ----D---- C:\Documents and Settings\Garrett\Application Data\Corel
    2008-09-16 12:39:51 ----D---- C:\Program Files\Corel
    2008-09-16 12:39:51 ----D---- C:\Program Files\Common Files\Corel
    2008-09-16 12:39:51 ----D---- C:\Documents and Settings\All Users\Application Data\Corel
    2008-09-12 09:57:40 ----D---- C:\Documents and Settings\Garrett\Application Data\Mozilla
    2008-09-10 22:15:55 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
    2008-09-10 22:14:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-10 11:58:34 ----D---- C:\Program Files\Bonjour
    2008-09-10 11:56:59 ----D---- C:\Program Files\QuickTime
    2008-09-10 11:55:02 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
    2008-09-09 16:35:38 ----D---- C:\Program Files\Common Files\DESIGNER
    2008-09-09 16:35:16 ----D---- C:\WINDOWS\SHELLNEW
    2008-09-09 16:35:00 ----D---- C:\Program Files\Microsoft.NET
    2008-09-09 16:31:27 ----RHD---- C:\MSOCache
    2008-08-29 09:18:58 ----A---- C:\WINDOWS\system32\dns-sd.exe
    2008-08-29 08:53:50 ----A---- C:\WINDOWS\system32\dnssd.dll

    ======List of files/folders modified in the last 3 months======

    2008-11-27 01:19:19 ----D---- C:\WINDOWS\Temp
    2008-11-26 23:24:12 ----SHD---- C:\WINDOWS\Installer
    2008-11-26 23:24:07 ----HD---- C:\WINDOWS\inf
    2008-11-26 23:24:07 ----D---- C:\WINDOWS\system32\drivers
    2008-11-26 23:24:01 ----D---- C:\WINDOWS
    2008-11-26 23:23:36 ----RD---- C:\Program Files
    2008-11-26 23:20:54 ----D---- C:\WINDOWS\system32
    2008-11-26 23:20:07 ----D---- C:\WINDOWS\Registration
    2008-11-26 23:20:02 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-11-26 23:18:43 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-11-26 23:18:11 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee.com
    2008-11-26 23:17:57 ----SD---- C:\WINDOWS\Tasks
    2008-11-26 18:40:26 ----D---- C:\Documents and Settings\Garrett\Application Data\McAfee.com Personal Firewall
    2008-11-26 15:23:05 ----ASH---- C:\WINDOWS\system32\pafigewi.dll
    2008-11-26 15:23:05 ----ASH---- C:\WINDOWS\system32\hudijire.dll
    2008-11-24 07:07:07 ----D---- C:\WINDOWS\system32\dllcache
    2008-11-23 16:20:04 ----D---- C:\WINDOWS\Help
    2008-11-19 23:42:56 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-11-19 01:34:56 ----RSD---- C:\WINDOWS\Fonts
    2008-11-13 00:43:45 ----A---- C:\WINDOWS\imsins.BAK
    2008-11-13 00:43:37 ----HD---- C:\WINDOWS\$hf_mig$
    2008-11-13 00:42:32 ----D---- C:\WINDOWS\WinSxS
    2008-11-12 23:59:35 ----SD---- C:\Documents and Settings\Garrett\Application Data\Microsoft
    2008-11-11 20:14:50 ----A---- C:\WINDOWS\OEWABLog.txt
    2008-11-11 14:50:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-11-11 14:45:58 ----A---- C:\WINDOWS\setuplog.txt
    2008-11-11 14:45:18 ----D---- C:\WINDOWS\system32\Setup
    2008-11-11 14:45:18 ----D---- C:\WINDOWS\AppPatch
    2008-11-11 14:45:17 ----D---- C:\WINDOWS\system32\wbem
    2008-11-11 12:43:25 ----D---- C:\WINDOWS\security
    2008-11-11 12:41:46 ----D---- C:\WINDOWS\system32\CatRoot
    2008-11-11 12:37:51 ----D---- C:\Program Files\Messenger
    2008-11-11 12:32:42 ----D---- C:\WINDOWS\system32\inetsrv
    2008-11-11 12:32:42 ----D---- C:\WINDOWS\network diagnostic
    2008-11-11 12:32:42 ----D---- C:\WINDOWS\ime
    2008-11-11 12:32:24 ----D---- C:\WINDOWS\system32\usmt
    2008-11-11 12:32:24 ----D---- C:\WINDOWS\system32\en-US
    2008-11-11 12:32:21 ----D---- C:\WINDOWS\PeerNet
    2008-11-11 12:32:21 ----D---- C:\Program Files\Movie Maker
    2008-11-11 12:28:30 ----D---- C:\WINDOWS\system32\Restore
    2008-11-11 12:28:30 ----D---- C:\WINDOWS\system32\npp
    2008-11-11 12:28:30 ----D---- C:\WINDOWS\mui
    2008-11-11 12:28:28 ----D---- C:\WINDOWS\msagent
    2008-11-11 12:28:26 ----D---- C:\WINDOWS\srchasst
    2008-11-11 12:28:25 ----D---- C:\Program Files\NetMeeting
    2008-11-11 12:28:24 ----D---- C:\WINDOWS\system32\Com
    2008-11-11 12:28:21 ----D---- C:\Program Files\Windows NT
    2008-11-11 12:28:21 ----D---- C:\Program Files\Outlook Express
    2008-11-11 12:28:17 ----D---- C:\Program Files\Common Files\System
    2008-11-11 12:28:00 ----D---- C:\WINDOWS\system32\oobe
    2008-11-11 12:27:57 ----D---- C:\WINDOWS\system
    2008-11-11 12:23:54 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-11-11 12:20:09 ----D---- C:\WINDOWS\ehome
    2008-10-29 12:28:14 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
    2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
    2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
    2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
    2008-10-15 09:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-14 16:07:29 ----D---- C:\Program Files\Internet Explorer
    2008-10-03 10:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-10-03 00:44:50 ----D---- C:\dell
    2008-09-30 18:57:25 ----D---- C:\Program Files\MUSICMATCH
    2008-09-30 18:56:43 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-09-26 10:50:45 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-09-26 10:50:45 ----D---- C:\Program Files\Microsoft Games
    2008-09-19 11:10:05 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-09-19 11:09:46 ----A---- C:\WINDOWS\win.ini
    2008-09-19 10:25:22 ----D---- C:\WINDOWS\addins
    2008-09-17 22:15:55 ----D---- C:\Program Files\Microsoft Works
    2008-09-17 22:15:44 ----D---- C:\Program Files\Microsoft Office
    2008-09-17 06:08:05 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
    2008-09-16 17:49:20 ----D---- C:\Program Files\Common Files\Intuit
    2008-09-16 16:10:41 ----A---- C:\WINDOWS\system.ini
    2008-09-16 12:39:51 ----D---- C:\Program Files\Common Files
    2008-09-10 11:57:02 ----D---- C:\Program Files\Common Files\Apple
    2008-09-09 18:14:56 ----A---- C:\WINDOWS\system32\msxml6.dll
    2008-09-09 16:36:43 ----A---- C:\WINDOWS\ODBC.INI
    2008-09-04 10:15:04 ----A---- C:\WINDOWS\system32\msxml3.dll
    2008-09-02 15:33:21 ----D---- C:\Program Files\FinePixViewer

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
    R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
    R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
    R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-03-13 29704]
    R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
    R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
    R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
    R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
    R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
    R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
    R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
    R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
    R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-03-13 40456]
    R2 LxrSII1d;Secure II Driver; \??\C:\WINDOWS\system32\Drivers\LxrSII1d.sys []
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
    R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-02-10 1107224]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
    S3 Jukebox;Jukebox; C:\WINDOWS\system32\DRIVERS\ctpdusb2.sys [2004-09-29 16752]
    S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
    S3 QWAVEDRV;QWAVE driver; C:\WINDOWS\system32\DRIVERS\qwavedrv.sys [2005-10-20 14336]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 snpstd;USB PC Camera (SN9C102); C:\WINDOWS\system32\DRIVERS\snpstd.sys [2005-12-06 390656]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-08-28 55808]
    S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
    S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
    S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
    S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
    S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
    S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
    S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
    R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
    R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
    R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-03-13 472320]
    R2 LxrSII1s;Lexar Secure II; C:\WINDOWS\system32\LxrSII1s.exe [2005-05-19 53248]
    R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-10-20 96256]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-08-24 66872]
    R2 RMSvc;Media Center Extender Resource Monitor; C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 28160]
    R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    R2 ZuneNetworkSvc;Zune Network Sharing Service; C:\Program Files\Zune\ZuneNss.exe [2007-03-14 975400]
    R3 dlcg_device;dlcg_device; C:\WINDOWS\system32\dlcgcoms.exe [2005-10-28 491520]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-14 32768]
    S3 dkab_device;dkab_device; C:\WINDOWS\system32\DKabcoms.exe [2005-05-23 487424]
    S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-03-13 19200]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-08 138168]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 QWAVE;QWAVE service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

    -----------------EOF-----------------
     
  2. 2008/11/27
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Gsere875
    Welcome to Windowsbbs.

    Please do the following.

    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the ComboFix log.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.

    Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.

    Thanks
    Geri
     
    Geri,
    #2


  4. 2008/11/28
    Gsere875

    Gsere875 Inactive Thread Starter

    Joined:
    2008/11/26
    Messages:
    20
    Likes Received:
    0
    Here is the information you requested, Geri.
    Thanks,
    Garrett
    ComboFix 08-11-27.07 - Garrett 2008-11-28 12:46:13.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.428 [GMT -7:00]
    Running from: c:\documents and settings\Garrett\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\~.exe
    c:\windows\system32\bebufizu.dll
    c:\windows\system32\hudijire.dll
    c:\windows\system32\irevivos.ini
    c:\windows\system32\iwegifap.ini
    c:\windows\system32\mivagomi.dll
    c:\windows\system32\odilojep.ini
    c:\windows\system32\pafigewi.dll
    c:\windows\system32\pajafiba.dll
    c:\windows\system32\pejolido.dll
    c:\windows\system32\rezizafo.dll
    c:\windows\system32\rosozevi.dll
    c:\windows\system32\sihivubo.dll
    c:\windows\system32\soviveri.dll
    c:\windows\system32\uzifubeb.ini
    c:\windows\system32\zijuguja.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))
    .

    2008-11-27 01:16 . 2008-11-27 01:17 <DIR> d-------- C:\rsit
    2008-11-26 23:23 . 2008-11-26 23:23 <DIR> d-------- c:\program files\ESET
    2008-11-26 23:23 . 2008-11-26 23:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
    2008-11-12 11:03 . 2008-09-04 10:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
    2008-11-12 11:03 . 2008-10-24 04:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-11 12:32 . 2008-11-11 12:32 <DIR> d-------- c:\windows\system32\scripting
    2008-11-11 12:32 . 2008-11-11 12:32 <DIR> d-------- c:\windows\system32\en
    2008-11-11 12:32 . 2008-11-11 12:32 <DIR> d-------- c:\windows\system32\bits
    2008-11-11 12:32 . 2008-11-11 12:32 <DIR> d-------- c:\windows\l2schemas
    2008-11-11 12:28 . 2008-11-11 12:32 <DIR> d-------- c:\windows\ServicePackFiles
    2008-10-29 12:30 . 2008-10-29 12:30 <DIR> d-------- c:\program files\iTunes
    2008-10-29 12:30 . 2008-10-29 12:30 <DIR> d-------- c:\program files\iPod
    2008-10-29 12:30 . 2008-10-29 12:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-27 06:18 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com
    2008-11-27 01:40 --------- d-----w c:\documents and settings\Garrett\Application Data\McAfee.com Personal Firewall
    2008-11-27 00:55 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
    2008-11-20 06:42 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-11-04 20:00 --------- d-----w c:\program files\ProFile
    2008-11-04 20:00 --------- d-----w c:\documents and settings\All Users\Application Data\GreenPoint
    2008-11-04 04:48 7,908 ----a-w c:\documents and settings\Garrett\Application Data\wklnhst.dat
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-01 19:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
    2008-10-01 01:57 --------- d-----w c:\program files\MUSICMATCH
    2008-10-01 01:56 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-01 01:56 --------- d-----w c:\documents and settings\Garrett\Application Data\Musicmatch
    2007-02-01 02:26 88 --sh--r c:\windows\system32\1CEAD6A851.sys
    2007-02-01 02:27 3,350 --sha-w c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport "= "c:\program files\Dell Support\DSAgnt.exe" [2006-07-16 389120]
    "MsnMsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
    "updateMgr "= "c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray "= "c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
    "DMXLauncher "= "c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "ISUSPM Startup "= "c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "DLA "= "c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "dlcgmon.exe "= "c:\program files\Dell AIO 810\dlcgmon.exe" [2005-10-21 425984]
    "REGSHAVE "= "c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
    "snpstd "= "c:\windows\vsnpstd.exe" [2005-10-11 339968]
    "ACROMOUSE "= "c:\program files\Tech\Office Program Selector\2.0\ACROMAPP.exe" [2005-04-28 554496]
    "Zune Launcher "= "c:\program files\Zune\ZuneLauncher.exe" [2007-03-14 24104]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
    "MMTray "= "c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-05-09 135168]
    "mmtask "= "c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-09 53248]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "MSKDetectorExe "= "c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
    "egui "= "c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
    "SigmatelSysTrayApp "= "stsystra.exe" [2006-02-10 c:\windows\stsystra.exe]

    c:\documents and settings\Garrett\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
    Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2007-01-31 282624]
    Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\WINDOWS\\system32\\DKabcoms.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3776:UDP "= 3776:UDP:Media Center Extender Service
    "3390:TCP "= 3390:TCP:Remote Media Center Experience

    R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
    R2 LxrSII1d;Secure II Driver;\??\c:\windows\system32\Drivers\LxrSII1d.sys [2007-02-25 70016]
    R2 RMSvc;Media Center Extender Resource Monitor;c:\windows\ehome\RMSvc.exe [2005-10-20 28160]
    S3 dkab_device;dkab_device;c:\windows\system32\DKabcoms.exe -service []
    S3 QWAVE;QWAVE service;c:\windows\system32\svchost.exe -k QWAVE [2005-08-16 14336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    QWAVE REG_MULTI_SZ QWAVE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2008-11-01 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2008-04-13 17:12]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{58bed89f-022c-4103-94b9-927d6fbd7b7c} - c:\windows\system32\rezizafo.dll
    HKCU-Run-Active Desktop Calendar - c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe
    Notify-WgaLogon - (no file)



    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-28 12:50:08
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\ehome\ehrecvr.exe
    c:\windows\ehome\ehSched.exe
    c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
    c:\windows\system32\LxrSII1s.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\PnkBstrA.exe
    c:\windows\ehome\McrdSvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Zune\ZuneNss.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\dlcgcoms.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2008-11-28 12:53:57 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-11-28 19:53:54

    Pre-Run: 182,477,688,832 bytes free
    Post-Run: 183,374,860,288 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Windows XP Media Center Edition" /noexecute=optin /fastdetect

    175 --- E O F --- 2008-11-13 07:46:02
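    The ComboFix log above lists the files it deleted, the registry loading points it found, and the orphaned BHO it removed. As an added example that is not part of this thread or of ComboFix itself, here is a small Python triage script that reads those three sections from a constructed sample copied from the log and pulls out what a helper looks at first: deleted files whose names fit the eight-letter alternating consonant/vowel pattern seen in the deletions (a heuristic assumed here, not a ComboFix rule), Run entries printed without a [date size] stamp, AutoRun commands recorded under MountPoints2, and the orphan list. The function names and the name heuristic are my own assumptions.

```python
import re

# Constructed sample: a handful of lines copied from the ComboFix log posted in
# the thread, trimmed to the three sections this triage reads.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\~.exe
c:\windows\system32\bebufizu.dll
c:\windows\system32\irevivos.ini
c:\windows\system32\rezizafo.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport "= "c:\program files\Dell Support\DSAgnt.exe" [2006-07-16 389120]
"ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{58bed89f-022c-4103-94b9-927d6fbd7b7c} - c:\windows\system32\rezizafo.dll
HKCU-Run-Active Desktop Calendar - c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe
Notify-WgaLogon - (no file)
"""

# Section banners come in two shapes: "((( Name )))" and "- - - - NAME - - - -".
SECTION_RE = re.compile(r"^(?:\(+\s*(.+?)\s*\)+|- - - - (.+?) - - - -)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
# ComboFix prints Run values as "Name "= "path" [date size]; the stamp is absent
# when it could not find the file on disk.
RUN_RE = re.compile(r'^"(?P<name>[^"]*?)\s*"=\s*"(?P<path>[^"]*)"(?:\s*\[(?P<stamp>[^\]]*)\])?$')
VOWELS = set("aeiou")


def split_sections(text):
    """Group log lines under the banner that precedes them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1) or m.group(2)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def basename(path):
    # Windows paths; do not rely on os.path, which is POSIX on a Linux analysis box.
    return path.rsplit("\\", 1)[-1]


def looks_random_name(stem):
    """Heuristic (assumed here, not a ComboFix rule): eight lowercase letters that
    strictly alternate consonant/vowel, the pattern of the names deleted above."""
    if len(stem) != 8 or not stem.isalpha() or not stem.islower():
        return False
    kinds = [c in VOWELS for c in stem]
    return all(kinds[i] != kinds[i + 1] for i in range(len(kinds) - 1))


def triage(text):
    """Return the items from the log that a helper would look at first."""
    sections = split_sections(text)
    result = {"random_named_files": [], "orphans": [],
              "autorun_commands": [], "run_entries_without_stamp": []}

    for path in sections.get("Other Deletions", []):
        stem = basename(path).rsplit(".", 1)[0]
        if looks_random_name(stem):
            result["random_named_files"].append(path)

    key = ""
    for line in sections.get("Reg Loading Points", []):
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        rm = RUN_RE.match(line)
        if rm and key.lower().endswith("\\currentversion\\run") and not rm.group("stamp"):
            result["run_entries_without_stamp"].append((rm.group("name"), rm.group("path")))
        elif "mountpoints2" in key.lower() and line.lower().startswith("\\shell\\autorun\\command - "):
            result["autorun_commands"].append(line.split(" - ", 1)[1])

    for line in sections.get("ORPHANS REMOVED", []):
        what, sep, path = line.partition(" - ")
        if sep:
            result["orphans"].append((what, path))
    return result


if __name__ == "__main__":
    for name, items in triage(SAMPLE_LOG).items():
        print(name, items)
```

    The name heuristic is only a prefilter: it is tuned to the names in this one log and would miss a dropper that uses other naming, so the flagged paths still need to be checked against the RSIT driver and service lists and the "Other Running Processes" section before anything is concluded.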
     
  5. 2008/11/28
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    Please do the following.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
    Code:
    DirLook::
    c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    Please post the Combofix log.

    Thanks
     
    Geri,
    #4
  6. 2008/11/29
    Gsere875

    Gsere875 Inactive Thread Starter

    Joined:
    2008/11/26
    Messages:
    20
    Likes Received:
    0
    Here is the log, Geri.
    Thanks,
    Gsere875

    ComboFix 08-11-27.07 - Garrett 2008-11-29 15:25:27.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.507 [GMT -7:00]
    Running from: c:\documents and settings\Garrett\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Garrett\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-29 )))))))))))))))))))))))))))))))
    .

    2008-11-27 01:16 . 2008-11-27 01:17 <DIR> d-------- C:\rsit
    2008-11-26 23:23 . 2008-11-26 23:23 <DIR> d-------- c:\program files\ESET
    2008-11-26 23:23 . 2008-11-26 23:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
    2008-11-12 11:03 . 2008-09-04 10:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
    2008-11-12 11:03 . 2008-10-24 04:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-11 12:32 . 2008-11-11 12:32 <DIR> d-------- c:\windows\system32\scripting
    2008-11-11 12:32 . 2008-11-11 12:32 <DIR> d-------- c:\windows\system32\en
    2008-11-11 12:32 . 2008-11-11 12:32 <DIR> d-------- c:\windows\system32\bits
    2008-11-11 12:32 . 2008-11-11 12:32 <DIR> d-------- c:\windows\l2schemas
    2008-11-11 12:28 . 2008-11-11 12:32 <DIR> d-------- c:\windows\ServicePackFiles
    2008-10-29 12:30 . 2008-10-29 12:30 <DIR> d-------- c:\program files\iTunes
    2008-10-29 12:30 . 2008-10-29 12:30 <DIR> d-------- c:\program files\iPod
    2008-10-29 12:30 . 2008-10-29 12:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-27 06:18 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com
    2008-11-27 01:40 --------- d-----w c:\documents and settings\Garrett\Application Data\McAfee.com Personal Firewall
    2008-11-27 00:55 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
    2008-11-20 06:42 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-11-04 20:00 --------- d-----w c:\program files\ProFile
    2008-11-04 20:00 --------- d-----w c:\documents and settings\All Users\Application Data\GreenPoint
    2008-11-04 04:48 7,908 ----a-w c:\documents and settings\Garrett\Application Data\wklnhst.dat
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-16 21:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 21:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
    2008-10-16 21:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 21:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 21:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 21:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
    2008-10-16 21:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 21:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
    2008-10-16 21:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
    2008-10-16 21:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 21:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 21:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 21:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 21:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 21:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
    2008-10-16 21:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 21:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
    2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
    2008-10-01 19:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
    2008-10-01 01:57 --------- d-----w c:\program files\MUSICMATCH
    2008-10-01 01:56 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-01 01:56 --------- d-----w c:\documents and settings\Garrett\Application Data\Musicmatch
    2008-09-30 23:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
    2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
    2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
    2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
    2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
    2008-09-06 04:16 1,900,544 ----a-w c:\windows\system32\usbaaplrc.dll
    2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
    2008-08-29 16:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
    2008-08-29 15:53 61,440 ----a-w c:\windows\system32\dnssd.dll
    2007-02-01 02:26 88 --sh--r c:\windows\system32\1CEAD6A851.sys
    2007-02-01 02:27 3,350 --sha-w c:\windows\system32\KGyGaAvL.sys
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} ----

    2008-07-04 12:35 54632 --a------ c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe
    2008-04-24 07:25 11168 --a------ c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\gearaspiwdmx86.cat
    2008-04-17 12:12 319456 --a------ c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DIFxAPI.dll
    2008-04-17 12:12 2761 --a------ c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\GEARAspiWDM.inf
    2008-04-17 12:12 15464 --a------ c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspiWDM.sys
    2008-04-17 12:12 107368 --a------ c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspi.dll


    ((((((((((((((((((((((((((((( snapshot@2008-11-28_12.53.29.31 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-11-29 19:48:17 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6fc.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport "= "c:\program files\Dell Support\DSAgnt.exe" [2006-07-16 389120]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
    "updateMgr "= "c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray "= "c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
    "DMXLauncher "= "c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "ISUSPM Startup "= "c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "DLA "= "c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "dlcgmon.exe "= "c:\program files\Dell AIO 810\dlcgmon.exe" [2005-10-21 425984]
    "REGSHAVE "= "c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
    "snpstd "= "c:\windows\vsnpstd.exe" [2005-10-11 339968]
    "ACROMOUSE "= "c:\program files\Tech\Office Program Selector\2.0\ACROMAPP.exe" [2005-04-28 554496]
    "Zune Launcher "= "c:\program files\Zune\ZuneLauncher.exe" [2007-03-14 24104]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
    "MMTray "= "c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-05-09 135168]
    "mmtask "= "c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-09 53248]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "MSKDetectorExe "= "c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
    "egui "= "c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
    "SigmatelSysTrayApp "= "stsystra.exe" [2006-02-10 c:\windows\stsystra.exe]

    c:\documents and settings\Garrett\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
    Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2007-01-31 282624]
    Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\WINDOWS\\system32\\DKabcoms.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3776:UDP "= 3776:UDP:Media Center Extender Service
    "3390:TCP "= 3390:TCP:Remote Media Center Experience

    R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
    R2 LxrSII1d;Secure II Driver;\??\c:\windows\system32\Drivers\LxrSII1d.sys [2007-02-25 70016]
    R2 RMSvc;Media Center Extender Resource Monitor;c:\windows\ehome\RMSvc.exe [2005-10-20 28160]
    S3 dkab_device;dkab_device;c:\windows\system32\DKabcoms.exe -service []
    S3 QWAVE;QWAVE service;c:\windows\system32\svchost.exe -k QWAVE [2005-08-16 14336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    QWAVE REG_MULTI_SZ QWAVE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2008-11-01 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2008-04-13 17:12]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-29 15:27:53
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-11-29 15:28:56
    ComboFix-quarantined-files.txt 2008-11-29 22:28:32
    ComboFix2.txt 2008-11-28 19:53:58

    Pre-Run: 183,265,488,896 bytes free
    Post-Run: 183,278,256,128 bytes free

    165 --- E O F --- 2008-11-13 07:46:02
     
  7. 2008/11/29
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK, that looks good.

    Please do this.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything, check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Now an online scan.

    Please do an online scan with Kaspersky WebScanner

    It's best to disable real time protection applications as they sometimes interfere with the scan.
    Check this link for any applicable programs you may have.

    Click on "Accept" if your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users: you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files.
    • Under Scan on the left side, click on My Computer.
    • This will start the program and scan your system.
    • Click "Scan Report" on the left side.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type, Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
     
    Geri,
    #6
  8. 2008/11/30
    Gsere875

    Gsere875 Inactive Thread Starter

    Joined:
    2008/11/26
    Messages:
    20
    Likes Received:
    0
    Geri, here are the Kaspersky results:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Sunday, November 30, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Sunday, November 30, 2008 01:42:04
    Records in database: 1428315
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\

    Scan statistics:
    Files scanned: 95194
    Threat name: 2
    Infected objects: 2
    Suspicious objects: 0
    Duration of the scan: 01:43:28


    File name / Threat name / Threats count
    C:\Documents and Settings\Garrett\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-191b6382 Infected: Exploit.Java.Gimsh.b 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\pejolido.dll.vir Infected: Trojan.Win32.Monder.aamw 1

    The selected area was scanned.
    Thanks,
    Garrett
     
  9. 2008/11/30
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Garrett
    OK, good.

    Please do the following.

    Please download JavaRa and save the file to your desktop.
    • Right click and Extract All
    • Once extracted, open and run JavaRa.exe
    • Click Search For Updates
    • Select Update Using jucheck.exe
    • Click Search
    • If a newer version is found, allow it to be installed
    • Uncheck the Google Toolbar option. (if you don't want the Google tool bar)
    • When complete, click Remove Older Versions in the JavaRa interface and allow it to proceed
    • When that is complete, click Additional Tasks, then select Remove Useless JRE Files and click Go
    • Exit the tool when complete.
    Read it, and then you can delete the gpl-2.0.txt file.

    Now this.

    Click Start > Run; in the run box, copy and paste or type ComboFix /u, then hit Enter to uninstall ComboFix and remove the files/folders it created. This action will also reset the System Restore points, removing any infected files there as well.
    Please check and verify that C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file. If they weren't please delete them manually.

    Delete RSIT.exe and this folder: C:\rsit

    Let me know how things are running.

    Thanks
     
    Geri,
    #8
