5 replies to this topic

[HurrHurr]

Here are the logs from my computer, Im having problems with those pesky trojans

MBAM Scan
Malwarebytes' Anti-Malware 1.30
Database version: 1437
Windows 5.1.2600 Service Pack 3

11/30/2008 7:32:50 PM
mbam-log-2008-11-30 (19-32-50).txt

Scan type: Full Scan (C:\|)
Objects scanned: 196901
Time elapsed: 7 hour(s), 3 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 3
Registry Values Infected: 13
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\vodademo.dll (Trojan.Vundo) -> Delete on reboot.
c:\WINDOWS\SYSTEM32\tusihivi.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingb5558 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingd1934 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletinga3756 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingc2357 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingb1803 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingd8805 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletinga5008 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingc6937 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm1ba91cee (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dupunizome (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\189a2f72 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\vodademo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\vodademo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\vodademo.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\magiduko.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\okudigam.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\tohazite.dll_old (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\etizahot.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vodademo.dll (Trojan.Vundo) -> Delete on reboot.
c:\WINDOWS\SYSTEM32\tusihivi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\serodaba.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1435\A1009673.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1436\A1009973.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1436\A1009975.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vipepili.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\yinonude.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\kusihino.dll (Trojan.Agent) -> Delete on reboot.


Panda Active Scan
;*******************************************************************************
********************************************************************************
*
*******************
ANALYSIS: 2008-12-01 03:06:35
PROTECTIONS: 3
MALWARE: 27
SUSPECTS: 0
;*******************************************************************************
********************************************************************************
*
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
================================================================================
=
===================
Windows Defender 1.1.3903.0 No Yes
McAfee Internet Security Suite 2007 8.1 No No
McAfee VirusScan Plus 12.1 No No
;===============================================================================
================================================================================
=
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
================================================================================
=
===================
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VcodeceMedia.zip
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\altnetdm
00032745 adware/sahagent Adware No 0 Yes No c:\windows\system32\ritsacnk.dat
00032745 adware/sahagent Adware No 0 Yes No c:\windows\system32\bqrufs5f.dat
00040538 adware/zango Adware No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{99410cde-6f16-42ce-9d49-3807f78f0287}
00040538 adware/zango Adware No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\jahmard hudson@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\jiquori roberson@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\sandra hudson@doubleclick[1].txt
00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\sandra hudson@centrport[1].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Sandra Hudson\Cookies\sandra_hudson@clickbank[1].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Jahmard Hudson\Cookies\jahmard_hudson@clickbank[2].txt
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@findwhat[2].txt
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\Jahmard Hudson\Cookies\jahmard_hudson@findwhat[1].txt
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\Sandra Hudson\Cookies\sandra_hudson@findwhat[2].txt
00167730 Cookie/Hitbox TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\sandra hudson@ehg.hitbox[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Jahmard Hudson\Cookies\jahmard_hudson@toplist[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Sandra Hudson\Cookies\sandra_hudson@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Mimi\Cookies\mimi@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Jahmard Hudson\Cookies\jahmard_hudson@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@apmebf[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Mimi\Local Settings\Temp\Cookies\mimi@www.burstbeacon[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@weborama[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Mimi\Cookies\mimi@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jahmard Hudson\Cookies\jahmard_hudson@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Sandra Hudson\Cookies\sandra_hudson@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jiquori Roberson\Cookies\jiquori_roberson@advertising[1].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\sandra hudson@adrevolver[3].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\jiquori roberson@statse.webtrendslive[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\jandra hudson@statse.webtrendslive[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\jahmard hudson@statse.webtrendslive[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\sandra hudson@statse.webtrendslive[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\sandra hudson@adrevolver[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@go[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Sandra Hudson\Cookies\sandra_hudson@go[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jiquori Roberson\Cookies\jiquori_roberson@go[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jahmard Hudson\Cookies\jahmard_hudson@go[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Jahmard Hudson\Cookies\jahmard_hudson@searchportal.information[2].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Sandra Hudson\Cookies\sandra_hudson@searchportal.information[2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Sandra Hudson\Cookies\sandra_hudson@target[2].txt
00273914 Adware/EMediaCodec Adware No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1436\A1009971.exe
00286734 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Jahmard Hudson\Cookies\jahmard_hudson@adserver.filefront[1].txt
00388689 Adware/AntiSpywareExpert Adware No 0 Yes No C:\Documents and Settings\Jahmard Hudson\Local Settings\Temporary Internet Files\Content.IE5\PMK0L9Q2\params[1].js
00388804 Application/PCPrivacyCleaner HackTools No 0 Yes No C:\Documents and Settings\Jahmard Hudson\Local Settings\Temporary Internet Files\Content.IE5\ITFJQT1U\index[1].js
00456116 Adware/Antivirus2009 Adware No 0 Yes No C:\Documents and Settings\Sandra Hudson\Local Settings\Temporary Internet Files\Content.IE5\IFRN5BLB\freescan[1].htm
00456116 Adware/Antivirus2009 Adware No 0 Yes No C:\Documents and Settings\Jiquori Roberson\Local Settings\Temporary Internet Files\Content.IE5\JYS3VGQH\freescan[1].htm
03587590 Adware/Yassist Adware No 0 No No C:\Documents and Settings\Jiquori Roberson\My Documents\My Videos\DivXInstaller.exe[²ÇÇ\y_toolbar.exe][²èÇ]
03755584 Generic Malware Virus/Trojan No 0 Yes No C:\I386\GTDownDE_87.ocx
;===============================================================================
================================================================================
=
===================
SUSPECTS
Sent Location 7
;===============================================================================
================================================================================
=
===================
;===============================================================================
================================================================================
=
===================
VULNERABILITIES
Id Severity Description 7
;===============================================================================
================================================================================
=
===================
;===============================================================================
================================================================================
=
===================


HiJack This Scan
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:01:28 PM, on 12/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\desksite\bin\cma.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8982ea39-f685-4832-832d-740a2ded7f4a} - C:\WINDOWS\system32\godadoju.dll (file missing)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-19\..\Run: [dupunizome] Rundll32.exe "C:\WINDOWS\system32\gayuhiyu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [dupunizome] Rundll32.exe "C:\WINDOWS\system32\gayuhiyu.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\DOCUME~1\JAHMAR~1\aim.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.co.../sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: karina.dat c:\windows\system32\yinonude.dll
O23 - Service: McAfee Application Installer Cleanup (0152141228140163) (0152141228140163mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\015214~1.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 12012 bytes

[Yourhighness]

hi HurrHurr!

Welcome to Malwarebytes.org!

Please note that comments are made in green, links are in red, important things are outlined by using the blue color and the numbered steps I would like you to follow are outlined with orange.

Please also take note of the following:

• I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  
• The fixes are specific to your problem and should only be used for this issue on this machine
  
• The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  
• If you don't know, stop and ask! Don't keep going on.
  
• Please reply to this thread. Do not start a new topic.

Step #1

• Please download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  
• Double click on RSIT.exe to run RSIT.
  
• Click Continue at the disclaimer screen.
  
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step #2

* Clean your Cache and Cookies in InternetExplorer:

• Close all instances of Outlook Express and Internet Explorer
  
• Go to Control Panel > Internet Options > General tab
  
• Click the "Delete Cookies" button
  
• Next to it, Click the "Delete Files" button
  
• When prompted, place a check in: "Delete all offline content", click OK

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):

• Go to Tools > Options.
  
• Click Privacy in the menu on the left side of the Options window.
  
• Click the Clear button located to the right of each option (History, Cookies, Cache).
  
• Click OK to close the Options window
  Alternatively, you can clear all information stored while browsing by clicking Clear All.
  A confirmation dialog box will be shown before clearing the information.

* Clean other Temporary files + Recycle bin

• Go to start > run and type: cleanmgr and click ok.
  
• Let it scan your system for files to remove.
  
• Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  
• Press OK to remove them.

Step #3

Please post back with the logs. Thanks!

[HurrHurr]

INFO
info.txt logfile of random's system information tool 1.04 2008-12-01 16:14:43

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acoustica Effects Pack-->C:\PROGRA~1\UNWISE.EXE C:\PROGRA~1\INSTALL.LOG
Adobe Download Manager 2.2 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Apple Mobile Device Support-->MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Photo AIO Printer 922-->C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTUNST.EXE -NOLICENSE
Dell Picture Studio v3.0-->MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Intel® PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iTunes-->MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Macromedia Shockwave Player-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Encyclopedia Standard 2005-->MsiExec.exe /I{05410044-64A6-4248-A026-9745C1E9E159}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Converter Pack-->MsiExec.exe /X{6EECB283-E65F-40EF-86D3-D51BF02A8D43}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Premium 10-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Streets and Trips 2005-->MsiExec.exe /I{67E4EE98-59F4-4210-89A6-A20AF5BEC689}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2005 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2005\Setup\Launcher.exe /ARP D:\
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Nimo Codecs Pack v5.0 (Remove Only)-->"C:\Program Files\NimoCodec Pack\uninstall.exe"
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Photo Click-->MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED}
Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickTime-->MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
RapidLeecher-->"C:\Documents and Settings\Jahmard Hudson\My Documents\RapidLeecher\Uninstall.exe"
Rhapsody Player Engine-->MsiExec.exe /I{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Steelers Super Bowl XL Screen Saver-->C:\WINDOWS\system32\Steelers_Super_Bowl_XL_62966[1].scr /uninstall
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
XP Codec Pack-->C:\Program Files\XP Codec Pack\Uninstall.exe

======Hosts File======

127.0.0.1 localmachine # ***Inserted By STOPzilla***
127.0.0.1 www.searchforit.com # ***Inserted By STOPzilla***
127.0.0.1 zonebest.com # ***Inserted By STOPzilla***
127.0.0.1 all-websearch.com # ***Inserted By STOPzilla***
127.0.0.1 www.nude-teens-bodies.com # ***Inserted By STOPzilla***
127.0.0.1 teen-fantazi.com # ***Inserted By STOPzilla***
127.0.0.1 www.bundleware.com # ***Inserted By STOPzilla***
127.0.0.1 bailefunk.com # ***Inserted By STOPzilla***
127.0.0.1 www.on-search.com # ***Inserted By STOPzilla***
127.0.0.1 newsh.com # ***Inserted By STOPzilla***

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\STOPzilla!;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

LOG
Logfile of random's system information tool 1.04 (written by random/random)
Run by Jiquori Roberson at 2008-12-01 16:14:26
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 3 GB (5%) free of 72 GB
Total RAM: 2046 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:14:39 PM, on 12/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\desksite\bin\cma.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jiquori Roberson\My Documents\My Videos\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Jiquori Roberson.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8982ea39-f685-4832-832d-740a2ded7f4a} - C:\WINDOWS\system32\godadoju.dll (file missing)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-19\..\Run: [dupunizome] Rundll32.exe "C:\WINDOWS\system32\gayuhiyu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [dupunizome] Rundll32.exe "C:\WINDOWS\system32\gayuhiyu.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\DOCUME~1\JAHMAR~1\aim.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.co.../sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: karina.dat c:\windows\system32\yinonude.dll
O23 - Service: McAfee Application Installer Cleanup (0152141228140163) (0152141228140163mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\015214~1.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 12061 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (JHUDSON-Jandra Hudson).job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (JHUDSON-Jiquori Roberson).job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8982ea39-f685-4832-832d-740a2ded7f4a}]
C:\WINDOWS\system32\godadoju.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F5735C15-1FB2-41FE-BA12-242757E69DDE} - ZeroBar - C:\Program Files\NetZero\toolbar.dll []
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-11-06 2403392]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DLBTCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll []
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"Desksite CMA"=C:\Program Files\desksite\bin\cma.exe [2003-10-19 188416]
"Dell Photo AIO Printer 922"=C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe [2004-11-10 290816]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-08-04 582992]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-12-11 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-12-11 267048]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-27 1107848]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-11-16 68856]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe /background []
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karina.dat c:\windows\system32\yinonude.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~3\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"DisableLocalUserRun"=0
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktopChanges"=
"DisableLocalMachineRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Disabled:Kazaa"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1141187726\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1141187726\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1141187726\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1141187726\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Common Files\AOL\1146527785\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1146527785\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1146527785\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1146527785\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Common Files\AOL\1147744278\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1147744278\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1147744278\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1147744278\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Common Files\AOL\1147814714\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1147814714\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1147814714\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1147814714\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Common Files\AOL\1147915160\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1147915160\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1147915160\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1147915160\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Common Files\AOL\1148001568\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1148001568\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1148001568\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1148001568\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Common Files\AOL\1148242483\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1148242483\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1148242483\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1148242483\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Common Files\AOL\1148428994\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1148428994\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1148428994\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1148428994\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Documents and Settings\Jiquori Roberson\Desktop\LimeWire\LimeWire.exe"="C:\Documents and Settings\Jiquori Roberson\Desktop\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Jahmard Hudson\aim.exe"="C:\Documents and Settings\Jahmard Hudson\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\WINDOWS\SYSTEM32\logonui.exe"="C:\WINDOWS\SYSTEM32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\SYSTEM32\winlogon.exe"="C:\WINDOWS\SYSTEM32\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Jahmard Hudson\aim.exe"="C:\Documents and Settings\Jahmard Hudson\aim.exe:*:Enabled:AOL Instant Messenger"

======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2008-12-01 16:14:26 ----DC---- C:\rsit
2008-12-01 09:02:20 ----D---- C:\WINDOWS\LastGood
2008-11-30 14:11:25 ----SH---- C:\WINDOWS\system32\onihisuk.ini
2008-11-30 00:08:27 ----D---- C:\Program Files\Trend Micro
2008-11-30 00:05:06 ----D---- C:\Program Files\Panda Security
2008-11-29 23:57:49 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-29 23:57:49 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-29 02:10:26 ----SH---- C:\WINDOWS\system32\usubitaj.ini
2008-11-12 22:02:01 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 22:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 22:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-01 16:14:30 ----D---- C:\WINDOWS\Prefetch
2008-12-01 16:14:29 ----D---- C:\WINDOWS\Temp
2008-12-01 14:21:36 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-01 09:02:43 ----HD---- C:\WINDOWS\INF
2008-12-01 09:02:21 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-01 09:02:20 ----D---- C:\WINDOWS
2008-12-01 09:02:19 ----D---- C:\Program Files\McAfee
2008-11-30 19:42:03 ----D---- C:\WINDOWS\system32\DRIVERS
2008-11-30 19:37:53 ----D---- C:\WINDOWS\SYSTEM32
2008-11-30 19:34:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-30 12:18:46 ----AC---- C:\WINDOWS\wininit.ini
2008-11-30 12:18:31 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-30 12:18:26 ----D---- C:\Program Files
2008-11-29 11:06:46 ----DC---- C:\Config.Msi
2008-11-29 11:06:45 ----SHD---- C:\WINDOWS\Installer
2008-11-29 11:06:39 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2008-11-29 02:10:12 ----N---- C:\WINDOWS\system32\dinizuha.dll
2008-11-23 12:39:47 ----D---- C:\Program Files\Dl_cats
2008-11-23 12:39:47 ----A---- C:\WINDOWS\dellstat.ini
2008-11-20 22:40:35 ----AC---- C:\WINDOWS\OEWABLog.txt
2008-11-19 17:55:06 ----D---- C:\WINDOWS\Help
2008-11-12 22:01:59 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 22:01:55 ----A---- C:\WINDOWS\imsins.BAK
2008-11-12 22:00:50 ----D---- C:\WINDOWS\WinSxS
2008-11-07 11:37:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-05 20:18:45 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-02 16:12:49 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-12-10 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-12-10 81288]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 SbcpHid;SbcpHid; \??\C:\WINDOWS\system32\Drivers\SbcpHid.sys []
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-10-29 260096]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys [2004-03-22 4272]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\D:\INSTAL~E\Core\BVRPMPR5.SYS []
S3 CA504AV;Mega Camera, WDM Video Capture; C:\WINDOWS\System32\Drivers\CA504AV.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2003-01-10 30921]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 jgameenp;jgameenp; \??\C:\DOCUME~1\JIQUOR~1\LOCALS~1\Temp\jgameenp.sys []
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 Sunplus;Mega Camera Still Image Capture, Sunplus Version 1.00; C:\WINDOWS\System32\Drivers\Bulk504.sys [2001-10-05 10952]
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\Program Files\McAfee\VirusScan\McShield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 MSK80Service;McAfee SpamKiller Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-11-26 23880]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-08-27 337800]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-08-27 1017224]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-12-11 504104]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 0152141228140163mcinstcleanup;McAfee Application Installer Cleanup (0152141228140163); C:\WINDOWS\TEMP\015214~1.EXE [2008-07-09 315264]
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 dlbt_device;dlbt_device; C:\WINDOWS\system32\dlbtcoms.exe [2004-10-25 421888]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-06 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

[Yourhighness]

hi HurrHurr,

Your Panda scan suggests that you have had / have a serious infection aboard! Bagle

Step #1

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

• Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  
• Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 10...allows end-users to run Java applications".
  
• Click the "Download" button to the right.
  
• Select your Platform: "Windows".
  
• Select your Language: "Multi-language".
  
• Read the License Agreement, and then check the box that says: "Accept License Agreement".
  
• Click Continue and the page will refresh.
  
• Click on the link to download Windows Offline Installation and save the file to your desktop.
  
• Close any programs you may have running - especially your web browser.
  
• Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  
• Click the Remove or Change/Remove button.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.

Step #2

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Step #3

Your logs show that you have (a) online poker programme(s) installed on your computer. I know that you may use these (this) game(s) on a regular basis but I think it's important to note that often these kind of programmes are installed with other unwanted software, namely spyware or adware. Due to this I strongly suggest that you uninstall these programmes if you do not use them anymore or did not install these programmes yourself on purpose. There are so many online poker games out there these days that it is close to impossible to keep track of whether a programme is infected or not. Should you have installed this online poker game on purpose and wish to continue using this, you may ignore this. Should you decide to uninstall the programme, then you can do so by following the below steps:

Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs, search for the poker game and remove it.

If you are unsure of anything, please dont hesitate to ask.

Step #4

Run HijackThis, press Scan, and put a check mark next to all these entries:

O2 - BHO: (no name) - {8982ea39-f685-4832-832d-740a2ded7f4a} - C:\WINDOWS\system32\godadoju.dll (file missing)
O4 - HKUS\S-1-5-19\..\Run: [dupunizome] Rundll32.exe "C:\WINDOWS\system32\gayuhiyu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [dupunizome] Rundll32.exe "C:\WINDOWS\system32\gayuhiyu.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: karina.dat c:\windows\system32\yinonude.dll

Close all other windows and browsers, and press the Fix Checked button.

Step #5

Please download ComboFix from one of these locations:

• ComboFix
  
• ForoSpyware
  
• GeeksToGo

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  
• Double click on ComboFix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks!

[HurrHurr]

ComboFix 08-12-02.02 - Jiquori Roberson 2008-12-03 14:33:48.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1557 [GMT -5:00]
Running from: c:\documents and settings\Jiquori Roberson\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\afyh.sys
c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\edyselyt._sy
c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\efihitijix.bat
c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\ekarevedut.pif
c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\exasi.dll
c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\ezewaja.bin
c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\feqokuri.inf
c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\ibaqata.sys
c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\ijodog.scr
c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\lylizyhom.dat
c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\nolibut.inf
c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\nuxizyxu.vbs
c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\ocivezy.db
c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\onoviver._sy
c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\oporuw.lib
c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\pekifup.lib
c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\qalepi.vbs
c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\qyjixilo.dll
c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\uxafekykin.pif
c:\documents and settings\Jiquori Roberson\Local Settings\Temporary Internet Files\xube.vbs
c:\windows\IE4 Error Log.txt
c:\windows\system32\onihisuk.ini
c:\windows\system32\usubitaj.ini

.
((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
.

2008-12-03 14:12 . 2008-12-03 14:11 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll
2008-12-03 14:12 . 2008-12-03 14:11 73,728 --a------ c:\windows\SYSTEM32\javacpl.cpl
2008-12-01 16:14 . 2008-12-01 16:14 <DIR> d----c--- C:\rsit
2008-11-30 00:08 . 2008-11-30 00:08 <DIR> d-------- c:\program files\Trend Micro
2008-11-30 00:05 . 2008-11-30 00:05 <DIR> d-------- c:\program files\Panda Security
2008-11-30 00:05 . 2008-06-19 17:24 28,544 --a------ c:\windows\SYSTEM32\DRIVERS\pavboot.sys
2008-11-29 23:57 . 2008-11-30 00:02 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-29 23:57 . 2008-11-30 12:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-12 00:25 . 2008-10-24 06:21 455,296 --------- c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-11-12 00:24 . 2008-09-04 12:15 1,106,944 --------- c:\windows\SYSTEM32\DLLCACHE\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 19:28 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-03 19:18 --------- d-----w c:\program files\Real
2008-12-03 19:14 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-03 19:11 --------- d-----w c:\program files\Java
2008-12-02 21:03 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2008-12-02 16:53 --------- d-----w c:\program files\McAfee
2008-11-29 07:10 94,772 ------w c:\windows\SYSTEM32\dinizuha.dll
2008-11-23 17:39 --------- d-----w c:\program files\Dl_cats
2008-11-07 16:37 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-01 17:14 1,170 -c--a-w c:\documents and settings\Jiquori Roberson\Application Data\wklnhst.dat
2008-10-30 11:17 --------- d-----w c:\program files\SUPERAntiSpyware
2008-10-30 11:17 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-30 11:17 --------- d-----w c:\documents and settings\Jiquori Roberson\Application Data\SUPERAntiSpyware.com
2008-10-29 20:59 --------- d-----w c:\documents and settings\Jiquori Roberson\Application Data\DivX
2008-10-29 20:56 --------- d-----w c:\program files\DivX
2008-10-27 00:13 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 20:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 20:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-22 12:25 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll
2008-10-15 22:52 --------- d-----w c:\program files\World of Warcraft
2008-10-15 22:45 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2008-10-15 16:34 337,408 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-03 17:41 6,066,176 ------w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll
2008-09-16 00:14 524,288 ----a-w c:\windows\SYSTEM32\DivXsm.exe
2008-09-16 00:14 3,596,288 -c--a-w c:\windows\SYSTEM32\qt-dx331.dll
2008-09-16 00:14 129,784 ------w c:\windows\SYSTEM32\pxafs.dll
2008-09-16 00:14 120,056 -c----w c:\windows\SYSTEM32\pxcpyi64.exe
2008-09-16 00:14 118,520 -c----w c:\windows\SYSTEM32\pxinsi64.exe
2008-09-16 00:12 81,920 -c--a-w c:\windows\SYSTEM32\dpl100.dll
2008-09-16 00:12 593,920 -c--a-w c:\windows\SYSTEM32\dpuGUI11.dll
2008-09-16 00:12 57,344 -c--a-w c:\windows\SYSTEM32\dpv11.dll
2008-09-16 00:12 53,248 -c--a-w c:\windows\SYSTEM32\dpuGUI10.dll
2008-09-16 00:12 344,064 -c--a-w c:\windows\SYSTEM32\dpus11.dll
2008-09-16 00:12 294,912 -c--a-w c:\windows\SYSTEM32\dpu11.dll
2008-09-16 00:12 294,912 -c--a-w c:\windows\SYSTEM32\dpu10.dll
2008-09-16 00:12 200,704 -c--a-w c:\windows\SYSTEM32\ssldivx.dll
2008-09-16 00:12 196,608 -c--a-w c:\windows\SYSTEM32\dtu100.dll
2008-09-16 00:12 1,044,480 -c--a-w c:\windows\SYSTEM32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\SYSTEM32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\SYSTEM32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w c:\windows\SYSTEM32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w c:\windows\SYSTEM32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w c:\windows\SYSTEM32\DivX.dll
2008-09-16 00:11 161,096 ----a-w c:\windows\SYSTEM32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 -c--a-w c:\windows\SYSTEM32\DivXWMPExtType.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\SYSTEM32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\SYSTEM32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\SYSTEM32\DLLCACHE\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys
2008-09-04 17:15 1,106,944 ----a-w c:\windows\SYSTEM32\msxml3.dll
2008-08-27 15:01 17,367 ----a-w c:\documents and settings\Jiquori Roberson\Application Data\ozibydi.sys
2008-08-27 15:01 16,753 ----a-w c:\documents and settings\Jiquori Roberson\Application Data\ydud.dat
2008-08-27 15:01 16,500 ----a-w c:\program files\Common Files\laxifif._dl
2008-08-27 15:01 15,754 ----a-w c:\program files\Common Files\imededa.inf
2008-08-27 15:01 13,300 ----a-w c:\documents and settings\Jiquori Roberson\Application Data\oreve.bin
2008-08-27 15:01 11,366 ----a-w c:\program files\Common Files\olagym.scr
2008-08-27 14:40 19,319 ----a-w c:\documents and settings\Jiquori Roberson\Application Data\nyhohaji.scr
2008-08-27 14:40 17,323 ----a-w c:\documents and settings\All Users\Application Data\dufokymaju.pif
2008-08-27 14:40 14,606 ----a-w c:\documents and settings\Jiquori Roberson\Application Data\iqyzadom.scr
2008-08-27 14:40 14,148 ----a-w c:\program files\Common Files\fijosoqu.dll
2008-08-27 14:40 13,065 ----a-w c:\program files\Common Files\ebepub.inf
2008-08-27 14:40 12,088 ----a-w c:\documents and settings\All Users\Application Data\bevewanuji.exe
2008-08-27 14:40 10,028 ----a-w c:\program files\Common Files\asetewemo.reg
2008-08-27 00:31 19,771 ----a-w c:\documents and settings\All Users\Application Data\pamexime.sys
2008-08-27 00:31 19,547 ----a-w c:\documents and settings\All Users\Application Data\ximeguk.com
2008-08-27 00:31 17,672 ----a-w c:\documents and settings\All Users\Application Data\doha.bat
2008-08-27 00:31 16,877 ----a-w c:\documents and settings\All Users\Application Data\hygefyrec.dll
2008-08-27 00:31 15,543 ----a-w c:\documents and settings\Jiquori Roberson\Application Data\ceqejus.pif
2008-08-27 00:31 13,731 ----a-w c:\documents and settings\All Users\Application Data\rojaz.dll
2008-08-27 00:31 10,072 ----a-w c:\documents and settings\Jiquori Roberson\Application Data\hobyve.com
2008-08-27 00:26 19,447 ----a-w c:\documents and settings\Jiquori Roberson\Application Data\usyse.bin
2008-08-27 00:26 19,234 ----a-w c:\documents and settings\Jiquori Roberson\Application Data\tovyfe.reg
2008-08-27 00:26 16,177 ----a-w c:\documents and settings\All Users\Application Data\volef.sys
2008-08-27 00:26 15,833 ----a-w c:\program files\Common Files\tyqedete.pif
2008-08-27 00:26 13,522 ----a-w c:\documents and settings\All Users\Application Data\tipitudod.reg
2008-08-27 00:26 12,658 ----a-w c:\program files\Common Files\qynilubo.dll
2008-08-27 00:26 10,211 ----a-w c:\documents and settings\All Users\Application Data\izikadelo.sys
2008-08-26 19:36 19,540 ----a-w c:\program files\Common Files\ucocakow.reg
2008-08-26 19:36 16,879 ----a-w c:\program files\Common Files\ihevav.dl
2008-08-26 19:36 16,778 ----a-w c:\documents and settings\All Users\Application Data\amoged.scr
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-16 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"Desksite CMA"="c:\program files\desksite\bin\cma.exe" [2003-10-19 188416]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 290816]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-27 1107848]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-03 136600]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-04-12 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalUserRun"= 0 (0x0)
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP50"= SP5X_32.DLL
"VIDC.SP51"= SP5X_32.DLL
"VIDC.SP52"= SP5X_32.DLL
"VIDC.SP53"= SP5X_32.DLL
"VIDC.VDOM"= vdowave.drv
"msacm.divxa32"= DivXa32.acm
"vidc.ffds"= ffdshow.ax

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=


*Newly Created Service* - JAVAQUICKSTARTERSERVICE
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2008-11-28 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (JHUDSON-Jandra Hudson).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe []

2008-11-28 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (JHUDSON-Jiquori Roberson).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe []

2008-11-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-12-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cox.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Search
IE: Display All Images with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\EmpirePoker\EmpirePoker.exe
IE: {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\EmpirePoker\EmpirePoker.exe -

c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
c:\windows\Downloaded Program Files\SysReqLab3.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-03 14:37:49
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-03 14:40:34
ComboFix-quarantined-files.txt 2008-12-03 19:39:51

Pre-Run: 4,103,798,784 bytes free
Post-Run: 4,864,114,688 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

271 --- E O F --- 2008-11-27 03:00:28

[Yourhighness]

Hi HurrHurr,

Step #1

• Open notepad and copy/paste the text in the codebox below into it:
  
  

  http://www.malwarebytes.org/forums/index.php?showtopic=7918&pid=37727&st=0&#entry37727
  
  Collect::
  c:\windows\SYSTEM32\dinizuha.dll
  c:\documents and settings\Jiquori Roberson\Application Data\ozibydi.sys
  c:\documents and settings\Jiquori Roberson\Application Data\ydud.dat
  c:\program files\Common Files\laxifif._dl
  c:\program files\Common Files\imededa.inf
  c:\documents and settings\Jiquori Roberson\Application Data\oreve.bin
  c:\program files\Common Files\olagym.scr
  w c:\documents and settings\Jiquori Roberson\Application Data\nyhohaji.scr
  c:\documents and settings\All Users\Application Data\dufokymaju.pif
  c:\documents and settings\Jiquori Roberson\Application Data\iqyzadom.scr
  c:\program files\Common Files\fijosoqu.dll
  c:\program files\Common Files\ebepub.inf
  c:\documents and settings\All Users\Application Data\bevewanuji.exe
  c:\program files\Common Files\asetewemo.reg
  c:\documents and settings\All Users\Application Data\pamexime.sys
  c:\documents and settings\All Users\Application Data\ximeguk.com
  c:\documents and settings\All Users\Application Data\doha.bat
  c:\documents and settings\All Users\Application Data\hygefyrec.dll
  c:\documents and settings\Jiquori Roberson\Application Data\ceqejus.pif
  c:\documents and settings\All Users\Application Data\rojaz.dll
  c:\documents and settings\Jiquori Roberson\Application Data\hobyve.com
  c:\documents and settings\Jiquori Roberson\Application Data\usyse.bin
  c:\documents and settings\Jiquori Roberson\Application Data\tovyfe.reg
  c:\documents and settings\All Users\Application Data\volef.sys
  c:\program files\Common Files\tyqedete.pif
  c:\documents and settings\All Users\Application Data\tipitudod.reg
  c:\program files\Common Files\qynilubo.dll
  c:\documents and settings\All Users\Application Data\izikadelo.sys
  c:\program files\Common Files\ucocakow.reg
  c:\program files\Common Files\ihevav.dl
  c:\documents and settings\All Users\Application Data\amoged.scr
  
  DirLook::
  c:\program files\Dl_cats

  
  
• Save this as CFScript.txt
  
  
  
  
• Refering to the picture above, drag CFScript.txt into ComboFix.exe
  
• When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
  Note:
  Do not mouse click combofix's window whilst it's running. That may cause it to stall
  
• Additonally, ComboFix will generate a zipped file on your desktop called Submit [Date Time].zip
  Please submit this file via the html page that should popup after running ComboFix.
  
  Please include a link to this topic in the message.

Step #2

Please navigate to McAfee.
Then kindly follow all listed steps.
Make sure you save a log file.
You can do this by clicking:

• the File menu and select Save report to file

Make sure you name it in a manner that is easy for you to remember.
Then save it to a place that will also be easy for you to remember (ie. desktop).
Then select the complete contents of that file and post it in your next reply, along with any other logs that may have been requested to be posted.
Thanks!

Step #3

Please go to Eset Onlinescan (NOD32)
(You need to use InternetExplorer or enable IEView in Firefox)

• You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
  
• Now click Start
  
• Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  
• Click Start (the Onlinescanner will now prepare itself for running on your pc)
  
• To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  
• Press Scan
  
• The Onlinescan will now start and scan your pc (this could take a while)
  
• When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  
• Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  
• The Scanresults will now open in Notepad
  
  • Click into the text area, right-click and chose "select all" (or use ctrl+a)
    
  • Right-click again and chose "copy" (or ctrl+c)
    
  • Close Notepad
• Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.

Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

Step #4

Please post back with the combofix, stinger and nod32 onlinescanner log. Thanks!