I used ATF cleaner, Malware Bytes Anti-Malware and Rooter
Here's my malware log
Malwarebytes' Anti-Malware 1.36
Database version: 2112
Windows 5.1.2600 Service Pack 3
5/11/2009 9:53:18 PM
mbam-log-2009-05-11 (21-53-18).txt
Scan type: Full Scan (C:\|E:\|F:\|)
Objects scanned: 264532
Time elapsed: 2 hour(s), 12 minute(s), 56 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
C:\WINDOWS\system32\sysregi.exe (Backdoor.Rbot) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\orb.ta (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\orb.ta.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21eeb010-57f3-11dd-b116-dad055d89593} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{1b7f9329-aaf9-4e34-8ecf-c363fd3c60cf} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nod32 runtime (Backdoor.Rbot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\nod32 runtime (Backdoor.Rbot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\Nod32 Runtime (Backdoor.Rbot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\control\lsa\Hotfix-KB5504305 (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\brenda\Application Data\Adobe\kernell32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysregi.exe (Backdoor.Rbot) -> Delete on reboot.
And my Rooter log
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3
A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:149464 Mo/Free:3678 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [Fixed] - NTFS - (Total:114470 Mo/Free:1241 Mo)
F:\ [Fixed] - FAT32 - (Total:953634 Mo/Free:3952 Mo)
Mon 05/11/2009|22:14
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
---------- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
---------- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
---------- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
---------- C:\Program Files\McAfee\MPF\MPFSrv.exe
---------- C:\Program Files\McAfee\MSK\MskSrver.exe
---------- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
---------- C:\WINDOWS\system32\IoctlSvc.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Windows Media Player\WMPNetwk.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
---------- c:\PROGRA~1\mcafee.com\agent\mcagent.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\stsystra.exe
---------- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
---------- C:\WINDOWS\system32\LVCOMSX.EXE
---------- C:\WINDOWS\system32\dla\tfswctrl.exe
---------- C:\WINDOWS\system32\hkcmd.exe
---------- C:\WINDOWS\system32\igfxpers.exe
---------- C:\Program Files\Logitech\Video\LogiTray.exe
---------- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
---------- C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
---------- C:\Program Files\Logitech\MouseWare\system\em_exec.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\WINDOWS\system32\dlcccoms.exe
---------- C:\Program Files\Dell Support\DSAgnt.exe
---------- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
---------- C:\Program Files\Logitech\Video\FxSvr2.exe
---------- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
---------- C:\Program Files\Windows Media Player\WMPNSCFG.exe
---------- C:\Program Files\Registry Mechanic\RegMech.exe
---------- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
---------- C:\Program Files\Digital Line Detect\DLG.exe
---------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
----------------------\\ Cracks & Keygens..
C:\DOCUME~1\brenda\Local Settings\temp\[isoHunt] NCH.Express.Burn.Plus.v4.02.WinAll.Incl.Keygen-CRD.rar.torrent
1 - "C:\Rooter$\Rooter_1.txt" - Mon 05/11/2009|22:18
----------------------\\ Scan completed at 22:18