Malware Protector and XP Antivirus 2008



dp502
2008-06-22, 18:33
Yesterday my desktop background was hijacked. Now I have a blue screen with a message in a yellow box that reads "Warning! Spyware Detected on your computer!"

My PC-cillin keeps popping up notification messages about "ADW_MPROTECT.B", but no action has been taken, and when I do a full scan of the computer nothing shows up.

This morning I discovered that "XP Antivirus 2008" has loaded onto my computer. I can't get rid of this thing.

Furthermore, I continually get "blue screen of death" messages like MAXIMUM WAIT OBJECTS EXCEEDED, PAGE FAULT IN NON PAGE AREA, BOGUS DRIVER, SYSINTERAL GREAT SITE, KMODE EXCEPTION NOT APPLIED, UNEXPECTED KERNEL MODE TRAP, and NO MORE IRP STACK LOCATIONS. When I hit any key, these blue screens disappear and trigger the PC-cillin notification noted above.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:37 AM, on 6/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\system32\lphce71j0eva1.exe
C:\Program Files\rhca71j0eva1\rhca71j0eva1.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\pphce71j0eva1.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.weather.com/partnerships/dwuninstall/dw4uninstall.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CitiUSBrowserHelper Class - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe -c Direct -p DOT4_001 -pn "hp LaserJet 1010 Series Driver" -n 0 -l 1033 -sl 120000
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [WxEx] C:\Program Files\WxEx\WxEx.exe
O4 - HKLM\..\Run: [lphce71j0eva1] C:\WINDOWS\system32\lphce71j0eva1.exe
O4 - HKLM\..\Run: [SMrhca71j0eva1] C:\Program Files\rhca71j0eva1\rhca71j0eva1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ShutterflyStudio] C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe /trayonly
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\RunOnce: [iolo 3rd Party Reboot] C:\Documents and Settings\All Users\Application Data\iolo\IRestartStub.exe /t "System Mechanic Professional" /i "C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\iolowupd\SystemMechanic7Pro.exe" /v "iolo 3rd Party Reboot" /av "Trend Micro/PC-Cillin Antivirus" /fw "Trend Micro/PC-Cillin Firewall"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A343C209-9930-4FA3-84B6-4CE697EC3F5A} (TSGVClientObj Class) -
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 9563 bytes


Here is the ComboFix log:

ComboFix 08-06-20.4 - David Palmieri 2008-06-22 11:45:01.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1941 [GMT -4:00]
Running from: C:\Documents and Settings\David Palmieri\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\B.tmp
C:\WINDOWS\system32\C.tmp
C:\WINDOWS\system32\D.tmp
C:\WINDOWS\system32\E.tmp
C:\WINDOWS\system32\F.tmp

.
((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
.

2008-06-22 11:16 . 2008-06-22 11:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-22 11:08 . 2008-06-22 11:11 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-06-22 08:59 . 2008-06-22 08:59 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-22 08:59 . 2008-06-22 08:59 <DIR> d-------- C:\Documents and Settings\David Palmieri\Application Data\Malwarebytes
2008-06-22 08:59 . 2008-06-22 08:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-22 08:59 . 2008-06-19 17:55 34,296 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamcatchme.sys
2008-06-22 08:59 . 2008-06-19 17:55 17,144 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-06-22 07:23 . 2008-06-22 07:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\rhca71j0eva1
2008-06-22 02:55 . 2008-06-22 02:45 60,928 --a------ C:\WINDOWS\SYSTEM32\219.tmp
2008-06-22 02:35 . 2008-06-22 02:35 <DIR> d-------- C:\Program Files\rhca71j0eva1
2008-06-22 02:35 . 2008-06-22 02:35 <DIR> d-------- C:\Documents and Settings\David Palmieri\Application Data\rhca71j0eva1
2008-06-22 02:35 . 2008-06-22 11:35 94,208 --a------ C:\WINDOWS\SYSTEM32\pphce71j0eva1.exe
2008-06-22 02:35 . 2008-06-22 11:35 94,208 --a------ C:\WINDOWS\SYSTEM32\10.tmp
2008-06-22 01:33 . 2008-06-22 01:22 60,928 --a------ C:\WINDOWS\SYSTEM32\1EA.tmp
2008-06-22 00:51 . 2008-06-22 00:41 60,928 --a------ C:\WINDOWS\SYSTEM32\1CE.tmp
2008-06-21 22:47 . 2008-06-21 22:37 60,928 --a------ C:\WINDOWS\SYSTEM32\164.tmp
2008-06-21 22:27 . 2008-06-21 22:16 60,928 --a------ C:\WINDOWS\SYSTEM32\154.tmp
2008-06-21 17:39 . 2008-06-21 17:39 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-06-21 16:07 . 2008-06-21 16:08 <DIR> d-------- C:\Documents and Settings\David Palmieri\.housecall6.6
2008-06-21 16:07 . 2008-06-21 16:07 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2008-06-21 13:36 . 2008-06-21 13:36 109,056 --a------ C:\WINDOWS\SYSTEM32\lphce71j0eva1.exe
2008-06-21 13:36 . 2008-06-22 11:34 90,838 --a------ C:\WINDOWS\SYSTEM32\phce71j0eva1.bmp
2008-06-21 13:36 . 2008-06-22 11:46 60,928 --a------ C:\WINDOWS\SYSTEM32\blphce71j0eva1.scr
2008-06-19 19:27 . 2008-06-19 19:27 7,192 --a------ C:\WINDOWS\SYSTEM32\iehlpr32.dll
2008-06-16 07:30 . 2008-06-16 07:30 <DIR> d-------- C:\Program Files\CCleaner
2008-06-16 07:30 . 2008-06-16 07:30 <DIR> d-------- C:\Program Files\BitTornado
2008-06-10 19:48 . 2008-06-16 07:32 <DIR> d-------- C:\4fa479c2e7fe57469a8896b4c51ef287
2008-05-31 10:44 . 2008-06-13 09:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-28 23:29 . 2008-06-16 07:46 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-05-26 20:34 . 2008-05-26 20:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-25 20:52 . 2008-05-31 15:27 <DIR> d-------- C:\Program Files\WxEx
2008-05-25 20:52 . 2008-05-25 20:52 <DIR> d-------- C:\Program Files\The Weather Exchange Installer
2008-05-25 18:29 . 2008-05-25 18:33 <DIR> d-------- C:\Documents and Settings\David Palmieri\Application Data\IEPro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-21 23:57 --------- d-----w C:\Program Files\Trend Micro
2008-06-21 19:24 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-21 19:23 --------- d-----w C:\Program Files\SpywareBlaster
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-05 09:56 --------- d-----w C:\Program Files\BitComet
2008-05-31 14:45 --------- d-----w C:\Program Files\Google
2008-05-27 00:34 --------- d-----w C:\Program Files\Lavasoft
2008-05-27 00:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-25 20:56 45,056 -c--a-w C:\WINDOWS\NCUNINST.EXE
2008-05-25 20:53 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-25 20:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-25 20:33 --------- d-----w C:\Documents and Settings\David Palmieri\Application Data\OfficeUpdate12
2008-05-20 23:57 --------- d-----w C:\Program Files\TDUAP
2008-05-20 23:57 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2008-05-19 00:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-19 00:36 --------- d-----w C:\Program Files\Canon
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\SYSTEM32\lsdelete.exe
2008-05-12 01:24 28,352 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
2008-05-12 00:37 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-12 00:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-05-11 19:01 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-11 13:55 --------- d-----w C:\Documents and Settings\David Palmieri\Application Data\Lavasoft
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2008-05-05 01:58 --------- d-----w C:\Program Files\Yahoo!
2008-05-05 01:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-05-05 01:39 --------- d-----w C:\Program Files\MOBILedit!
2008-05-05 01:39 --------- d-----w C:\Program Files\Avanquest update(2)
2008-05-04 01:56 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motport_01005.Wdf
2008-05-04 01:56 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-05-04 01:56 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-05-04 01:03 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-04 01:03 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-05-04 00:53 --------- d-----w C:\Program Files\Common Files\Motorola Shared
2008-05-04 00:52 92,064 ----a-w C:\Documents and Settings\David Palmieri\mqdmmdm.sys
2008-05-04 00:52 9,232 ----a-w C:\Documents and Settings\David Palmieri\mqdmmdfl.sys
2008-05-04 00:52 79,328 ----a-w C:\Documents and Settings\David Palmieri\mqdmserd.sys
2008-05-04 00:52 66,656 ----a-w C:\Documents and Settings\David Palmieri\mqdmbus.sys
2008-05-04 00:52 6,208 ----a-w C:\Documents and Settings\David Palmieri\mqdmcmnt.sys
2008-05-04 00:52 5,936 ----a-w C:\Documents and Settings\David Palmieri\mqdmwhnt.sys
2008-05-04 00:52 4,048 ----a-w C:\Documents and Settings\David Palmieri\mqdmcr.sys
2008-05-04 00:52 25,600 -c--a-w C:\Documents and Settings\David Palmieri\usbsermptxp.sys
2008-05-04 00:52 22,768 -c--a-w C:\Documents and Settings\David Palmieri\usbsermpt.sys
2008-05-02 20:22 205,328 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2008-05-02 20:21 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2008-05-02 20:17 1,169,240 ----a-w C:\WINDOWS\system32\drivers\VsapiNT.sys
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-29 10:28 --------- d-----w C:\Documents and Settings\David Palmieri\Application Data\GlarySoft
2008-04-29 10:18 --------- d-----w C:\Documents and Settings\David Palmieri\Application Data\Uniblue
2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\SYSTEM32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msjint40.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-21_20.29.04.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-21 21:20:25 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-06-22 15:33:28 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"ShutterflyStudio"="C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe" [2008-01-11 21:06 2500096]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [ ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"iolo 3rd Party Reboot"="C:\Documents and Settings\All Users\Application Data\iolo\IRestartStub.exe" [2007-09-24 11:08 263016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 12:43 53248]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12 221184]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 21:15 290816]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 02:04 122933]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 08:44 176128]
"CitiVAN"="C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe" [2004-08-12 15:51 192512]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14 270648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-10-03 22:38 180269]
"mmtask"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe" [2004-04-20 14:24 53248]
"HPLJ Config"="C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe" [2003-03-31 18:32 28672]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe" [2006-03-08 13:30 897089]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 16:51 36864]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 19:28 155648]
"WxEx"="C:\Program Files\WxEx\WxEx.exe" [ ]
"lphce71j0eva1"="C:\WINDOWS\system32\lphce71j0eva1.exe" [2008-06-21 13:36 109056]
"SMrhca71j0eva1"="C:\Program Files\rhca71j0eva1\rhca71j0eva1.exe" [2008-06-21 14:22 1642496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 03:56 53760 C:\WINDOWS\SYSTEM32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2005-10-09 16:05:41 82026]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a--c--- 2003-09-17 11:43 57344 C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2004-05-12 16:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2005-02-17 00:11 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-09-20 09:35 94208 C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2004-04-20 14:24 131072 C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
--a--c--- 2004-06-10 12:51 60928 C:\WINDOWS\SYSTEM32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-03-04 04:36 36975 C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a--c--- 2004-10-03 22:38 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
-----c--- 2000-05-11 02:00 90112 C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pml Driver HPZ12"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"tmproxy"=2 (0x2)
"TmPfw"=2 (0x2)
"Tmntsrv"=2 (0x2)
"PcCtlCom"=2 (0x2)
"NetSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22714:TCP"= 22714:TCP:BitComet 22714 TCP
"22714:UDP"= 22714:UDP:BitComet 22714 UDP
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

S3 BEFCMV3XP;Linksys BEFCMU10 EtherFast Cable Modem;C:\WINDOWS\system32\DRIVERS\BEFCM3XP.sys [2003-04-29 05:00]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-02-27 14:31]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-02-27 14:31]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-22 13:40:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 11:51:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ShutterflyStudio = C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe /trayonly???????SE??????????????????????udio Event - ?av?d??????????????????:\????????????????????????????????????????????????????????????????????????????????ALLUSERSPROFILE=C:\Documents and Settings\All Us

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-22 11:52:55
ComboFix-quarantined-files.txt 2008-06-22 15:52:21
ComboFix2.txt 2008-06-22 00:30:11

Pre-Run: 18,221,649,920 bytes free
Post-Run: 18,326,929,408 bytes free

233 --- E O F --- 2008-06-21 03:55:42


I am frustrated and don't know what to do now.

Thanks.
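
As a defender-side triage aid for the kind of logs posted above (an added example, not code from the thread, HijackThis or ComboFix), this Python script parses HijackThis O4 autorun lines and ComboFix "Files Created" lines, then flags autoruns whose executable name looks randomly generated or whose file or parent folder appeared within the last 30 days. The sample lines are copied from the logs in this post; the random-name heuristic and the 30-day window are assumptions.

```python
"""Cross-reference HijackThis O4 autoruns with ComboFix 'Files Created' lines.
Added example for this thread; not code from HijackThis, ComboFix or the forum.
Sample lines below are copied from the logs posted in the thread."""
import ntpath
import re
from datetime import datetime, timedelta

# O4 - HKLM\..\Run: [name] "C:\path\prog.exe" args   (Global Startup lines are skipped)
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\S*?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# 2008-06-21 13:36 . 2008-06-21 13:36 109,056 --a------ C:\WINDOWS\SYSTEM32\x.exe
CF_CREATED_RE = re.compile(
    r'^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \S+ \S+ (?P<size>[\d,]+|<DIR>) \S+ (?P<path>.+)$')
# First quoted or unquoted token ending in .exe (paths may contain spaces)
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.exe)"?', re.IGNORECASE)

# Constructed sample input: a few legitimate O4 entries plus the two rogue ones from the log
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [lphce71j0eva1] C:\WINDOWS\system32\lphce71j0eva1.exe
O4 - HKLM\..\Run: [SMrhca71j0eva1] C:\Program Files\rhca71j0eva1\rhca71j0eva1.exe
O4 - HKCU\..\Run: [ShutterflyStudio] C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe /trayonly
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
""".splitlines()

COMBOFIX_SAMPLE = r"""
2008-06-22 08:59 . 2008-06-19 17:55 17,144 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-06-22 02:35 . 2008-06-22 02:35 <DIR> d-------- C:\Program Files\rhca71j0eva1
2008-06-21 13:36 . 2008-06-21 13:36 109,056 --a------ C:\WINDOWS\SYSTEM32\lphce71j0eva1.exe
""".splitlines()

SCAN_DATE = datetime(2008, 6, 22)  # date of the posted scans


def parse_o4(line):
    """Return (hive, key, name, exe_path) for a registry-backed O4 line, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    e = EXE_RE.match(m.group('cmd'))
    exe = e.group('exe') if e else m.group('cmd')
    return m.group('hive'), m.group('key'), m.group('name'), exe


def parse_combofix_created(lines):
    """Map lowercase path -> creation time from ComboFix 'Files Created' lines."""
    out = {}
    for line in lines:
        m = CF_CREATED_RE.match(line.strip())
        if m:
            out[m.group('path').lower()] = datetime.strptime(m.group('created'), '%Y-%m-%d %H:%M')
    return out


def looks_random(basename):
    """Assumed heuristic: rogue names such as lphce71j0eva1 alternate letters and
    digits many times; counting letter<->digit transitions keeps hpztsb09 below."""
    stem = ntpath.splitext(basename)[0].lower()
    digits = sum(c.isdigit() for c in stem)
    transitions = sum(1 for a, b in zip(stem, stem[1:]) if a.isdigit() != b.isdigit())
    return len(stem) >= 8 and digits >= 3 and transitions >= 4


def triage(hjt_lines, combofix_lines, scan_date, window_days=30):
    """Flag O4 autoruns whose name looks random or whose file / parent folder was
    created within window_days before scan_date. Returns a list of finding dicts."""
    created = parse_combofix_created(combofix_lines)
    cutoff = scan_date - timedelta(days=window_days)
    findings = []
    for line in hjt_lines:
        parsed = parse_o4(line)
        if not parsed:
            continue
        hive, key, name, exe = parsed
        reasons = []
        if looks_random(ntpath.basename(exe)):
            reasons.append('random-looking executable name')
        # The rogue's exe may not be listed itself, but its freshly created folder is
        for candidate in (exe.lower(), ntpath.dirname(exe).lower()):
            when = created.get(candidate)
            if when and when >= cutoff:
                reasons.append(f'{candidate} created {when:%Y-%m-%d}')
                break
        if reasons:
            findings.append({'name': name, 'hive': hive, 'key': key, 'exe': exe, 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in triage(HJT_SAMPLE, COMBOFIX_SAMPLE, SCAN_DATE):
        print(f"{f['hive']}\\..\\{f['key']} [{f['name']}] {f['exe']}: {'; '.join(f['reasons'])}")
```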

dp502
2008-06-22, 18:40
Before I ran HijackThis and ComboFix, I ran Malwarebytes. Here are the logs:

Malwarebytes' Anti-Malware 1.18
Database version: 876

10:30:02 AM 6/22/2008
mbam-log-6-22-2008 (10-30-02).txt

Scan type: Full Scan (C:\|)
Objects scanned: 124514
Time elapsed: 1 hour(s), 12 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ssQgfdcd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1276\A0155294.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Denise Settings\temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Denise\Local Settings\temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\David\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\David\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\David\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.18
Database version: 876

10:58:17 AM 6/22/2008
mbam-log-6-22-2008 (10-58-17).txt

Scan type: Quick Scan
Objects scanned: 51515
Time elapsed: 23 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\David\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\David\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

dp502
2008-06-22, 20:07
I've been hunting for XP Antivirus 2008 on my computer, but it's a sneaky fellow. There is no Program folder named "XP Antivirus" or another derivation like that. Actually, I'm not finding any of the file names mentioned around the web on this program, but it's definitely on my computer.

It seems like some of the program files are nested in this folder:
C -- Program Files -- rhca71j0eva1.

dp502
2008-06-22, 20:25
"rhca71j0eva1"

That's definitely the folder. Here are the files inside:

database
licence -- END USER LICENSE AGREEMENT FOR Antivirus XP 2008 SOFTWARE.
MFC71.dll
MFC71ENU.DLL
msvcp71.dll
msvcr71.dll
rhca71j0vea1
rhca71j0vea1.exe.local
rhca71j0vea1Skin.dll
Uninstall

The uninstall is a joke. It doesn't work.

When I do a search for files/folders, I also get this in C:/WINDOWS/Prefetch:
RHCA71J0EVA1.EXE-2629982C.pf


Hope all of this information is useful ...


http://forums.spybot.info/showthread.php?t=30103