
Help Pos.tmp files virus

Original Message
Name: aaronleyshan
Date: March 9, 2008 at 20:10:56 Pacific
Subject: Help Pos.tmp files virus
OS: windows xp pro sp2
CPU/Ram: amd athlon X2 / 2gb
Comment:
Can someone please help me? I have heaps of pos.tmp files on my C drive, two icons on the desktop that come back when deleted, and heaps of IE popups. It is getting really annoying.



Response Number 1
Name: jabuck
Date: March 10, 2008 at 03:17:02 Pacific
Subject: Help Pos.tmp files virus
Reply:
Go to this link:

Disable Realtime Protection

Follow their directions to disable any realtime protection that you have as it will interfere with the fix by reinstalling the corrupt files.

Please download Atribune's VundoFix.exe from the following site to your desktop:

Vundofix.exe

Double-click VundoFix.exe to run it.

Click the Scan for Vundo button.

Once it's done scanning, click the Remove Vundo button.

You will receive a prompt asking if you want to remove the files,
click "yes".

Once you click yes, your desktop will go blank as it starts removing
Vundo.

When completed, it will prompt that it will reboot your computer,
click "ok".

Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This


1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.



Response Number 2
Name: aaronleyshan
Date: March 11, 2008 at 03:26:19 Pacific
Subject: Help Pos.tmp files virus
Reply:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:08:32 AM, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\AI Gear\GearHelp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rcntslwb.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Aaron Leyshan\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe
O4 - HKLM\..\Run: [Ai Gear Help] "C:\Program Files\ASUS\AI Gear\GearHelp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\rcntslwb.exe DWram
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [e8eb1e2a] rundll32.exe "C:\WINDOWS\system32\ismubxoe.dll",b
O4 - HKLM\..\Run: [BMebd82db6] Rundll32.exe "C:\WINDOWS\system32\slylknun.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\rcntslwb.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\krwnw64k.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 11520 bytes


ComboFix 08-03-10.1 - Aaron Leyshan 2008-03-11 21:08:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1303 [GMT 11:00]
Running from: C:\Documents and Settings\Aaron Leyshan\Desktop\ComboFix.exe
* Created a new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\sanR24
C:\Temp\sanR24\lDii.log
C:\WINDOWS\BMebd82db6.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\-
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bhmnmdbw.ini
C:\WINDOWS\system32\civfyqyt.dll
C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\dhyomgux.ini
C:\WINDOWS\system32\ganayblf.dll
C:\WINDOWS\system32\gjalvuvl.ini
C:\WINDOWS\system32\iaqkogpx.dll
C:\WINDOWS\system32\kfwcnaxm.dll
C:\WINDOWS\system32\laexbnqv.dll
C:\WINDOWS\system32\lnstcabw.dll
C:\WINDOWS\system32\lvuvlajg.dll
C:\WINDOWS\system32\mbotcpbl.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\mtcckasd.dll
C:\WINDOWS\system32\noqsrusj.dll
C:\WINDOWS\system32\ojnhiyja.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\ppdrefkj.ini
C:\WINDOWS\system32\rev1
C:\WINDOWS\system32\tyqyfvic.ini
C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\vycdd.ini2
C:\WINDOWS\system32\winpfz37.sys
C:\WINDOWS\system32\xooxhnns.dll
C:\WINDOWS\system32\xugmoyhd.dll
C:\WINDOWS\system32\zxdnt3d.cfg
C:\x.dat
C:\z.dat

.
((((((((((((((((((((((((( Files Created from 2008-02-11 to 2008-03-11 )))))))))))))))))))))))))))))))
.

2008-03-11 21:18 . 2008-03-11 21:18 <DIR> d-------- C:\Documents and Settings\Aaron Leyshan\Application Data\IDS_COMPANY
2008-03-10 21:04 . 2008-03-10 21:05 <DIR> d-------- C:\Superbad[2007][Unrated Editon]DvDrip[Eng]-FXG
2008-03-10 21:03 . 2008-03-10 21:04 <DIR> d-------- C:\Juno.DVDSCR.XViD-HLS.[www.torrentfive.com]
2008-03-10 01:55 . 2008-03-10 02:01 <DIR> d-------- C:\VundoFix Backups
2008-03-09 22:20 . 2008-03-09 22:20 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-03-09 19:46 . 2008-03-10 19:10 774 ---hs---- C:\WINDOWS\system32\eoxbumsi.ini
2008-03-08 02:41 . 1997-01-02 17:00 27,136 --a------ C:\WINDOWS\system\WAVMIX16.DLL
2008-03-07 22:19 . 1997-01-02 17:00 188,960 --a------ C:\WINDOWS\system32\WINGDE.DLL
2008-03-07 22:19 . 1997-01-02 17:00 92,208 --a------ C:\WINDOWS\system32\WING.DLL
2008-03-07 22:19 . 1997-01-02 17:00 12,800 --a------ C:\WINDOWS\system32\WING32.DLL
2008-03-07 22:19 . 1997-01-02 17:00 6,736 --a------ C:\WINDOWS\system32\WINGDIB.DRV
2008-03-07 22:19 . 1997-01-02 17:00 5,024 --a------ C:\WINDOWS\system32\WINGPAL.WND
2008-03-07 22:19 . 1997-01-02 17:00 1,966 --a------ C:\WINDOWS\system32\DVA.386
2008-03-07 22:19 . 2008-03-07 22:19 357 --a------ C:\WINDOWS\SYSTEM.MXS
2008-03-07 22:18 . 2008-03-07 22:18 <DIR> d-------- C:\Maxis
2008-03-07 22:18 . 1997-01-02 17:00 27,136 --a------ C:\WINDOWS\system32\WAVMIX16.DLL
2008-03-07 22:18 . 1997-01-02 17:00 2,554 --a------ C:\WINDOWS\WAVEMIX.INI
2008-03-07 22:18 . 2008-03-08 02:47 163 --a------ C:\WINDOWS\SimTower.ini
2008-03-07 22:17 . 1996-07-18 13:06 297,472 --a------ C:\WINDOWS\uninst.exe
2008-03-06 20:13 . 2008-03-06 20:13 <DIR> d-------- C:\Program Files\Yahoo! Games
2008-03-06 14:08 . 2008-03-06 14:08 <DIR> d-------- C:\Program Files\Kudos
2008-03-06 14:03 . 2008-03-07 14:15 1,134 ---hs---- C:\WINDOWS\system32\kxihcdkq.ini
2008-03-05 22:42 . 2008-03-05 22:42 <DIR> d-------- C:\Documents and Settings\Aaron Leyshan\Application Data\InterVideo
2008-03-05 22:08 . 2008-03-05 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2008-03-05 15:28 . 2008-03-05 15:28 <DIR> d-------- C:\Program Files\Real
2008-03-05 15:28 . 2008-03-05 15:28 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-03-05 15:28 . 2008-03-05 15:28 <DIR> d-------- C:\Program Files\Common Files\Real
2008-03-05 15:27 . 2008-03-05 15:27 <DIR> d-------- C:\Program Files\InterVideo Information Service
2008-03-05 15:27 . 2008-03-05 15:27 <DIR> d-------- C:\Program Files\Common Files\Ulead
2008-03-05 15:27 . 2006-05-11 18:41 654 --------- C:\WINDOWS\remove.iss
2008-03-05 15:26 . 2008-03-05 15:26 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-03-05 15:26 . 2008-03-05 15:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-05 12:02 . 2008-03-06 13:57 954 ---hs---- C:\WINDOWS\system32\uptfdpnq.ini
2008-03-05 11:59 . 2008-03-05 11:59 <DIR> d-------- C:\Documents and Settings\Aaron Leyshan\Application Data\MysteryStudio
2008-03-04 23:50 . 2008-03-04 23:50 <DIR> d-------- C:\Documents and Settings\Aaron Leyshan\Application Data\Gaijin Ent
2008-03-04 22:09 . 2008-03-04 22:09 <DIR> d-------- C:\Documents and Settings\Aaron Leyshan\Application Data\Sandlot Games
2008-03-04 20:38 . 2008-03-04 20:38 <DIR> d-------- C:\Program Files\iTunes
2008-03-04 20:38 . 2008-03-04 20:38 <DIR> d-------- C:\Program Files\iPod
2008-03-04 20:38 . 2008-03-04 20:38 <DIR> d-------- C:\Program Files\Bonjour
2008-03-04 20:38 . 2008-03-04 20:38 <DIR> d-------- C:\Documents and Settings\Aaron Leyshan\Application Data\Apple Computer
2008-03-04 20:38 . 2008-03-11 21:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-04 20:38 . 2008-03-04 20:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-04 20:37 . 2008-03-04 20:37 <DIR> d-------- C:\Program Files\QuickTime
2008-03-04 20:37 . 2008-03-04 20:37 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-03-04 20:37 . 2008-03-04 20:37 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-04 20:37 . 2008-03-05 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-04 20:37 . 2008-03-04 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-04 11:59 . 2008-03-05 11:59 834 ---hs---- C:\WINDOWS\system32\ypelbdkb.ini
2008-03-03 21:55 . 2008-03-03 21:55 <DIR> d-------- C:\Program Files\Jojo's Fashion Show
2008-03-03 20:36 . 2008-03-03 20:36 <DIR> d-------- C:\Program Files\Tikgames
2008-03-03 12:58 . 2008-03-03 12:58 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-03-03 02:31 . 2008-03-04 11:53 594 ---hs---- C:\WINDOWS\system32\vycqntek.ini
2008-03-02 03:23 . 2008-03-02 03:23 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-03-02 03:23 . 2008-03-02 03:23 <DIR> d-------- C:\Program Files\Symantec
2008-03-02 03:23 . 2008-03-02 03:26 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-03-02 03:23 . 2008-03-02 03:23 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-02 03:23 . 2008-03-02 03:23 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-02 03:23 . 2008-03-02 03:23 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-02 03:23 . 2008-03-02 03:23 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-02 03:16 . 2008-03-02 03:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-02 02:12 . 2008-03-02 03:13 <DIR> d-------- C:\Documents and Settings\Aaron Leyshan\.housecall6.6
2008-02-29 16:19 . 2008-02-29 16:23 776,230,560 --a------ C:\LG DVD-W.mdf
2008-02-29 16:19 . 2008-02-29 16:23 486 --a------ C:\LG DVD-W.mds
2008-02-29 15:24 . 2008-02-29 15:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-29 15:20 . 2008-02-29 15:21 474 --ahs---- C:\WINDOWS\system32\ukabbvre.ini
2008-02-28 21:54 . 2008-02-29 15:18 414 --ahs---- C:\WINDOWS\system32\knwtjnnf.ini
2008-02-28 17:32 . 2008-02-28 17:35 275 --a------ C:\WINDOWS\wininit.ini
2008-02-28 17:04 . 2008-02-28 17:00 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-28 17:04 . 2008-02-28 17:04 2,546 --a------ C:\WINDOWS\unins000.dat
2008-02-28 16:56 . 2008-02-29 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-27 21:59 . 2008-02-27 21:59 13,942 --a------ C:\WINDOWS\system32\N90-002.ico
2008-02-25 20:38 . 2008-02-25 20:38 <DIR> d-------- C:\Program Files\Wedding Dash
2008-02-25 20:36 . 2008-02-25 20:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-02-25 20:34 . 2008-02-25 20:34 <DIR> d-------- C:\WINDOWS\Bigfish Games Miss Management
2008-02-25 20:34 . 2008-02-25 20:35 <DIR> d-------- C:\Program Files\Bigfish Games Miss Management
2008-02-25 19:25 . 2008-02-25 19:25 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-02-25 19:22 . 2008-03-02 03:50 <DIR> d-------- C:\WINDOWS\system32\iDlo18
2008-02-25 19:22 . 2008-02-29 16:14 <DIR> d-------- C:\WINDOWS\system32\bmv4
2008-02-25 19:22 . 2008-02-25 19:22 <DIR> d-------- C:\WINDOWS\system32\aux9
2008-02-25 19:22 . 2008-03-11 21:08 <DIR> d-------- C:\Temp
2008-02-25 19:22 . 2008-02-25 19:22 200,774 --a------ C:\WINDOWS\system32\rcntslwb.exe
2008-02-25 19:22 . 2008-02-25 19:22 134 --a------ C:\n.bat
2008-02-25 06:29 . 2008-02-25 06:29 5,760,054 --a------ C:\WINDOWS\ALX_1600x1200.bmp
2008-02-25 06:27 . 2008-02-25 06:27 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-02-25 06:27 . 2008-02-25 06:30 <DIR> d-------- C:\Program Files\AlienGUIse
2008-02-25 06:27 . 2003-02-26 22:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2008-02-25 06:27 . 2008-02-25 06:27 56 --a------ C:\WINDOWS\wb.ini
2008-02-25 05:31 . 2008-02-25 05:31 <DIR> d-------- C:\THE_BROTHERS_SOLOMON
2008-02-25 04:56 . 2008-02-25 05:00 <DIR> d-------- C:\the condemed
2008-02-25 04:55 . 2008-02-25 04:55 <DIR> d-------- C:\temp_dvd
2008-02-25 04:54 . 2008-02-25 06:06 <DIR> d-------- C:\Program Files\Dvd-cloner
2008-02-24 23:44 . 2008-03-03 21:59 <DIR> d-------- C:\Documents and Settings\Aaron Leyshan\Application Data\Gamelab
2008-02-23 03:33 . 2008-02-23 03:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Legacy Interactive
2008-02-23 03:21 . 2008-02-25 20:37 125 --a------ C:\ioSpecial.ini
2008-02-23 01:06 . 2008-02-23 01:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Valusoft
2008-02-23 01:06 . 2008-02-23 01:06 <DIR> d-------- C:\Documents and Settings\Aaron Leyshan\Application Data\Valusoft
2008-02-22 23:15 . 2008-02-22 23:15 <DIR> d-------- C:\Program Files\iriver
2008-02-19 00:28 . 2008-02-19 00:28 <DIR> d-------- C:\Documents and Settings\Aaron Leyshan\Application Data\Home Sweet Home
2008-02-19 00:19 . 2008-02-19 00:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-02-18 00:50 . 2008-02-23 02:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-11 10:12 --------- d-----w C:\Documents and Settings\Aaron Leyshan\Application Data\uTorrent
2008-03-11 07:43 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-03-09 14:59 --------- d-----w C:\Program Files\PowerISO
2008-03-06 05:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-05 04:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-05 04:26 --------- d-----w C:\Program Files\InterVideo
2008-03-05 04:26 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-05 01:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-03 09:13 --------- d-----w C:\Documents and Settings\Aaron Leyshan\Application Data\LimeWire
2008-03-02 16:05 0 ----a-w C:\Program Files\temp01
2008-03-01 16:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-10 09:33 --------- d-----w C:\Program Files\Mio Technology
2008-02-10 07:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-10 07:14 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-02-06 21:43 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll
2008-02-06 21:43 31,408 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys
2008-02-06 21:43 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll
2008-02-06 21:43 13,021 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2008-02-05 19:34 96,432 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2008-02-05 19:34 41,008 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2008-02-05 19:34 38,576 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2008-02-05 19:34 37,424 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2008-02-05 19:34 22,320 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2008-02-05 19:34 188,464 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2008-02-05 19:34 13,616 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2008-02-05 19:34 1,612 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2008-02-04 20:27 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2008-02-04 20:27 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2008-02-04 20:27 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2008-02-02 02:26 --------- d-----w C:\Program Files\Project64 1.6
2008-02-01 22:55 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2008-02-01 22:55 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2008-02-01 22:55 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2008-02-01 01:51 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2008-02-01 01:51 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2008-02-01 01:51 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2008-01-29 13:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-01-27 07:40 --------- d-----w C:\Program Files\EA GAMES
2008-01-27 07:33 --------- d-----w C:\Program Files\Alcohol Soft
2008-01-22 11:08 --------- d-----w C:\Program Files\uTorrent
2008-01-15 17:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 13:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-13 02:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-04 05:51 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-01-04 05:51 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-01-04 05:51 22,328 ----a-w C:\Documents and Settings\Aaron Leyshan\Application Data\PnkBstrK.sys
2008-01-04 05:51 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-03 06:16 3,381,280 ----a-w C:\LimeWireWin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-03-02 03:24 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe" [2004-11-12 12:50 212992]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 23:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-11-04 22:53 868352]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2007-11-04 22:53 729088]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2007-11-04 22:53 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2007-11-04 22:53 1953792]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe" [2007-11-04 22:53 363008]
"Ai Gear Help"="C:\Program Files\ASUS\AI Gear\GearHelp.exe" [2006-07-27 20:39 415744]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 03:43 8466432]
"nwiz"="nwiz.exe" [2007-11-04 22:53 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 03:43 81920]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-03-29 11:41 1245184]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49 49152]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 12:10 409600]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 23:25 28160 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 23:25 28160 C:\WINDOWS\KHALMNPR.Exe]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2005-11-03 02:56 1110079]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2005-11-03 02:42 188928]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-26 12:47 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2008-02-07 17:49 718704]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-05 15:28 180269]
"ExploreUpdSched"="C:\WINDOWS\system32\rcntslwb.exe" [2008-02-25 19:22 200774]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 23:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-12-29 19:54:24 303104]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-23 18:56:08 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yaywxxw]
yaywxxw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Nap]
--a------ 2007-11-05 00:20 1419776 C:\Program Files\ASUS\AI Nap\AiNap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
--a------ 2007-11-05 20:03 1122304 C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
--a------ 2007-11-05 20:02 380928 C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
--a------ 2007-11-05 20:02 3714048 C:\Program Files\ASUS\AI Booster\OverClk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\PROGRA~1\\WINZIP\\wzqkpick.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\bin\\nSvcAppFlt.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-22 03:17]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-08-28 10:58]
R3 ASUSVRC;ASUSTeK Virtual Capture Device;C:\WINDOWS\system32\DRIVERS\AsusVRC.sys [2007-01-29 17:12]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-02-07 08:43]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-08-28 10:58]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-13 13:32]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-02-07 08:43]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-10 09:50:21 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Aaron Leyshan.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-11 21:18:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\winpfz37.sys 908 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
((((((((((((((((((((((((((((((((((((( Other Running Processes ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2008-03-11 21:23:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-11 10:23:06
.
2008-03-09 11:20:07 --- E O F ---



Response Number 3
Name: jabuck
Date: March 11, 2008 at 16:47:40 Pacific
Subject: Help Pos.tmp files virus
Reply:
Open Notepad and copy/paste everything between the X's into it, and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\system32\eoxbumsi.ini
C:\WINDOWS\system32\kxihcdkq.ini
C:\WINDOWS\remove.iss
C:\WINDOWS\system32\uptfdpnq.ini
C:\WINDOWS\system32\ypelbdkb.ini
C:\WINDOWS\system32\vycqntek.ini
C:\WINDOWS\system32\ukabbvre.ini
C:\WINDOWS\system32\knwtjnnf.ini
C:\WINDOWS\system32\N90-002.ico
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\rcntslwb.exe
C:\n.bat
C:\WINDOWS\system32\yaywxxw.dll
C:\WINDOWS\system32\ismubxoe.dll
C:\WINDOWS\system32\slylknun.dll

Folder::
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\WINDOWS\system32\iDlo18
C:\WINDOWS\system32\bmv4
C:\WINDOWS\system32\aux9
C:\Temp

Driver::
yaywxxw
e8eb1e2a
BMebd82db6

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExploreUpdSched"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yaywxxw]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop). If ComboFix does not auto-start, click "run".

Post a new Combofix log and a new Hijack This log please.


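The CFScript above is a small config in its own right, and the new ComboFix log jabuck asks for is what confirms it did its job. As an added example, not part of this thread and not ComboFix code, here is a Python parser for the script's File::/Folder::/Registry:: sections that cross-checks a ComboFix log's 'Other Deletions' and 'Reg Loading Points' sections for the items the script asked to remove; the sample script and log excerpt are constructed from entries posted in this thread, and the log layout the parser relies on is an assumption taken from those logs, not a documented format.

```python
"""Cross-check a ComboFix CFScript against the ComboFix log written after it ran.
Added example for this thread, not ComboFix code; the section names and the log
layout it relies on ('((( Title )))' banners, regedit-style lines) are assumptions."""
import re
from collections import defaultdict
# Constructed from the CFScript posted in this thread (a subset of its entries).
CFSCRIPT = r"""File::
C:\WINDOWS\system32\rcntslwb.exe
C:\n.bat
C:\WINDOWS\system32\yaywxxw.dll

Folder::
C:\WINDOWS\system32\aux9

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExploreUpdSched"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yaywxxw]
"""

# Constructed excerpt modelled on the follow-up log in this thread. ComboFix echoes
# the script's File:: list under FILE ::; only 'Other Deletions' says what it removed.
LOG = r"""ComboFix 08-03-10.1 - 2008-03-12 19:46:51.2 - NTFSx86
FILE ::
C:\WINDOWS\system32\yaywxxw.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\n.bat
C:\WINDOWS\system32\aux9
C:\WINDOWS\system32\rcntslwb.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-05 15:28 180269]
"""

SECTION_RE = re.compile(r"^(File|Folder|Driver|Registry)::$")
BANNER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")

def parse_cfscript(text):
    """Group the non-blank lines of a CFScript under their 'Name::' headers."""
    sections, current = defaultdict(list), None
    for line in (l.strip() for l in text.splitlines()):
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
        elif line and current is not None:
            sections[current].append(line)
    return dict(sections)

def registry_targets(lines):
    """'[-KEY]' removes a key; '"Name"=-' removes a value under the preceding '[KEY]'."""
    targets, key = [], None
    for line in lines:
        if line.startswith("[-") and line.endswith("]"):
            targets.append((line[2:-1], None))   # whole-key removal
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and re.match(r'^"[^"]+"=-$', line):
            targets.append((key, line[1:line.index('"', 1)]))
    return targets

def log_sections(text):
    """Split a ComboFix log on its banners; text before the first one is 'header'."""
    sections, current = defaultdict(list), "header"
    for line in (l.strip() for l in text.splitlines()):
        banner = BANNER_RE.match(line)
        if banner:
            current = banner.group(1)
        elif line and line != ".":          # drop blank and '.' spacer lines
            sections[current].append(line)
    return dict(sections)

def registry_still_present(reg_lines, targets):
    """Targets whose key, or value under its key, still appears as a loading point."""
    wanted = {(k.lower(), v.lower() if v else None) for k, v in targets}
    found, current = [], None
    for line in reg_lines:
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            if (current, None) in wanted:
                found.append((current, None))
        elif current and line.startswith('"') and line.count('"') > 1:
            name = line[1:line.index('"', 1)].lower()
            if (current, name) in wanted:
                found.append((current, name))
    return found

def check_cleanup(script_text, log_text):
    """Sort File::/Folder:: entries by whether 'Other Deletions' lists them, and
    report Registry:: targets that are still listed under 'Reg Loading Points'."""
    script, log = parse_cfscript(script_text), log_sections(log_text)
    deleted = {p.lower() for p in log.get("Other Deletions", [])}
    report = {"confirmed": [], "unconfirmed": [], "still_loading": []}
    for path in script.get("File", []) + script.get("Folder", []):
        report["confirmed" if path.lower() in deleted else "unconfirmed"].append(path)
    report["still_loading"] = registry_still_present(
        log.get("Reg Loading Points", []), registry_targets(script.get("Registry", [])))
    return report
```

A File:: entry that the log echoes under FILE :: but does not list under Other Deletions comes back as unconfirmed, which is the case worth asking about when reviewing a follow-up log.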

Response Number 4
Name: aaronleyshan
Date: March 12, 2008 at 01:53:20 Pacific
Subject: Help Pos.tmp files virus
Reply:
ComboFix 08-03-10.1 - Aaron Leyshan 2008-03-12 19:46:51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1472 [GMT 11:00]
Running from: C:\Documents and Settings\Aaron Leyshan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Aaron Leyshan\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\n.bat
C:\WINDOWS\remove.iss
C:\WINDOWS\system32\eoxbumsi.ini
C:\WINDOWS\system32\ismubxoe.dll
C:\WINDOWS\system32\knwtjnnf.ini
C:\WINDOWS\system32\kxihcdkq.ini
C:\WINDOWS\system32\N90-002.ico
C:\WINDOWS\system32\rcntslwb.exe
C:\WINDOWS\system32\slylknun.dll
C:\WINDOWS\system32\ukabbvre.ini
C:\WINDOWS\system32\uptfdpnq.ini
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\vycqntek.ini
C:\WINDOWS\system32\yaywxxw.dll
C:\WINDOWS\system32\ypelbdkb.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Aaron Leyshan\Start Menu\Programs\Startup\Deewoo.lnk
C:\Documents and Settings\Aaron Leyshan\Start Menu\Programs\Startup\DW_Start.lnk
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Trymedia\data\{04AD5645-C0D7-1EA1-BE0C-A3807DDC74B7}
C:\Documents and Settings\All Users\Application Data\Trymedia\data\{1316FF29-D164-C748-0340-3362DBA11A82}
C:\Documents and Settings\All Users\Application Data\Trymedia\data\{23DECF3B-63FC-EBFB-993D-49CF6D926FAA}
C:\Documents and Settings\All Users\Application Data\Trymedia\data\{3C73D9E2-2139-C06D-816D-4C7E8974866E}
C:\Documents and Settings\All Users\Application Data\Trymedia\data\{46882881-8F23-1C1D-2254-CD75DDF8FB26}
C:\Documents and Settings\All Users\Application Data\Trymedia\data\{481EA914-181D-3558-87B2-768C7D717A81}
C:\Documents and Settings\All Users\Application Data\Trymedia\data\{8114CF87-24A8-9544-4CC3-7C4DB9486B64}
C:\Documents and Settings\All Users\Application Data\Trymedia\data\{98D844F0-CD8E-6A8F-3220-741D583D71B3}
C:\n.bat
C:\Temp
C:\WINDOWS\remove.iss
C:\WINDOWS\system32\aux9
C:\WINDOWS\system32\aux9\pon89104.exe
C:\WINDOWS\system32\bmv4
C:\WINDOWS\system32\eoxbumsi.ini
C:\WINDOWS\system32\iDlo18
C:\WINDOWS\system32\knwtjnnf.ini
C:\WINDOWS\system32\kxihcdkq.ini
C:\WINDOWS\system32\N90-002.ico
C:\WINDOWS\system32\rcntslwb.exe
C:\WINDOWS\system32\ukabbvre.ini
C:\WINDOWS\system32\uptfdpnq.ini
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\vycqntek.ini
C:\WINDOWS\system32\winpfz37.sys
C:\WINDOWS\system32\ypelbdkb.ini
C:\WINDOWS\system32\zxdnt3d.cfg

.
((((((((((((((((((((((((( Files Created from 2008-02-12 to 2008-03-12 )))))))))))))))))))))))))))))))
.

2008-03-11 21:23 . 2008-03-12 19:47 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-03-11 21:18 . 2008-03-11 21:18 <DIR> d-------- C:\Documents and Settings\Aaron Leyshan\Application Data\IDS_COMPANY
2008-03-10 21:04 . 2008-03-10 21:05 <DIR> d-------- C:\Superbad[2007][Unrated Editon]DvDrip[Eng]-FXG
2008-03-10 21:03 . 2008-03-10 21:04 <DIR> d-------- C:\Juno.DVDSCR.XViD-HLS.[www.torrentfive.com]
2008-03-10 01:55 . 2008-03-10 02:01 <DIR> d-------- C:\VundoFix Backups
2008-03-09 22:20 . 2008-03-09 22:20 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-03-08 02:41 . 1997-01-02 17:00 27,136 --a------ C:\WINDOWS\system\WAVMIX16.DLL
2008-03-07 22:19 . 1997-01-02 17:00 188,960 --a------ C:\WINDOWS\system32\WINGDE.DLL
2008-03-07 22:19 . 1997-01-02 17:00 92,208 --a------ C:\WINDOWS\system32\WING.DLL
2008-03-07 22:19 . 1997-01-02 17:00 12,800 --a------ C:\WINDOWS\system32\WING32.DLL
2008-03-07 22:19 . 1997-01-02 17:00 6,736 --a------ C:\WINDOWS\system32\WINGDIB.DRV
2008-03-07 22:19 . 1997-01-02 17:00 5,024 --a------ C:\WINDOWS\system32\WINGPAL.WND
2008-03-07 22:19 . 1997-01-02 17:00 1,966 --a------ C:\WINDOWS\system32\DVA.386
2008-03-07 22:19 . 2008-03-07 22:19 357 --a------ C:\WINDOWS\SYSTEM.MXS
2008-03-07 22:18 . 2008-03-07 22:18 <DIR> d-------- C:\Maxis
2008-03-07 22:18 . 1997-01-02 17:00 27,136 --a------ C:\WINDOWS\system32\WAVMIX16.DLL
2008-03-07 22:18 . 1997-01-02 17:00 2,554 --a------ C:\WINDOWS\WAVEMIX.INI
2008-03-07 22:18 . 2008-03-08 02:47 163 --a------ C:\WINDOWS\SimTower.ini
2008-03-07 22:17 . 1996-07-18 13:06 297,472 --a------ C:\WINDOWS\uninst.exe
2008-03-06 20:13 . 2008-03-06 20:13 <DIR> d-------- C:\Program Files\Yahoo! Games
2008-03-06 14:08 . 2008-03-06 14:08 <DIR> d-------- C:\Program Files\Kudos
2008-03-05 22:42 . 2008-03-05 22:42 <DIR> d-------- C:\Documents and Settings\Aaron Leyshan\Application Data\InterVideo
2008-03-05 22:08 . 2008-03-05 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2008-03-05 15:28 . 2008-03-05 15:28 <DIR> d-------- C:\Program Files\Real
2008-03-05 15:28 . 2008-03-05 15:28 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-03-05 15:28 . 2008-03-05 15:28 <DIR> d-------- C:\Program Files\Common Files\Real
2008-03-05 15:27 . 2008-03-05 15:27 <DIR> d-------- C:\Program Files\InterVideo Information Service
2008-03-05 15:27 . 2008-03-05 15:27 <DIR> d-------- C:\Program Files\Common Files\Ulead
2008-03-05 15:26 . 2008-03-05 15:26 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-03-05 15:26 . 2008-03-05 15:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-05 11:59 . 2008-03-05 11:59 <DIR> d-------- C:\Documents and Settings\Aaron Leyshan\Application Data\MysteryStudio
2008-03-04 23:50 . 2008-03-04 23:50 <DIR> d-------- C:\Documents and Settings\Aaron Leyshan\Application Data\Gaijin Ent
2008-03-04 22:09 . 2008-03-04 22:09 <DIR> d-------- C:\Documents and Settings\Aaron Leyshan\Application Data\Sandlot Games
2008-03-04 20:38 . 2008-03-04 20:38 <DIR> d-------- C:\Program Files\iTunes
2008-03-04 20:38 . 2008-03-04 20:38 <DIR> d-------- C:\Program Files\iPod
2008-03-04 20:38 . 2008-03-04 20:38 <DIR> d-------- C:\Program Files\Bonjour
2008-03-04 20:38 . 2008-03-04 20:38 <DIR> d-------- C:\Documents and Settings\Aaron Leyshan\Application Data\Apple Computer
2008-03-04 20:38 . 2008-03-12 19:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-04 20:38 . 2008-03-04 20:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-04 20:37 . 2008-03-04 20:37 <DIR> d-------- C:\Program Files\QuickTime
2008-03-04 20:37 . 2008-03-04 20:37 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-03-04 20:37 . 2008-03-04 20:37 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-04 20:37 . 2008-03-05 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-04 20:37 . 2008-03-04 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-03 20:36 . 2008-03-03 20:36 <DIR> d-------- C:\Program Files\Tikgames
2008-03-03 12:58 . 2008-03-03 12:58 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-03-02 03:23 . 2008-03-02 03:23 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-03-02 03:23 . 2008-03-02 03:23 <DIR> d-------- C:\Program Files\Symantec
2008-03-02 03:23 . 2008-03-02 03:26 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-03-02 03:23 . 2008-03-02 03:23 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-02 03:23 . 2008-03-02 03:23 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-02 03:23 . 2008-03-02 03:23 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-02 03:23 . 2008-03-02 03:23 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-02 03:16 . 2008-03-02 03:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-02 02:12 . 2008-03-02 03:13 <DIR> d-------- C:\Documents and Settings\Aaron Leyshan\.housecall6.6
2008-02-29 16:19 . 2008-02-29 16:23 776,230,560 --a------ C:\LG DVD-W.mdf
2008-02-29 16:19 . 2008-02-29 16:23 486 --a------ C:\LG DVD-W.mds
2008-02-29 15:24 . 2008-02-29 15:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-28 17:32 . 2008-02-28 17:35 275 --a------ C:\WINDOWS\wininit.ini
2008-02-28 17:04 . 2008-02-28 17:00 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-28 17:04 . 2008-02-28 17:04 2,546 --a------ C:\WINDOWS\unins000.dat
2008-02-28 16:56 . 2008-02-29 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-25 20:38 . 2008-02-25 20:38 <DIR> d-------- C:\Program Files\Wedding Dash
2008-02-25 20:34 . 2008-02-25 20:34 <DIR> d-------- C:\WINDOWS\Bigfish Games Miss Management
2008-02-25 20:34 . 2008-02-25 20:35 <DIR> d-------- C:\Program Files\Bigfish Games Miss Management
2008-02-25 06:29 . 2008-02-25 06:29 5,760,054 --a------ C:\WINDOWS\ALX_1600x1200.bmp
2008-02-25 06:27 . 2008-02-25 06:27 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-02-25 06:27 . 2008-02-25 06:30 <DIR> d-------- C:\Program Files\AlienGUIse
2008-02-25 06:27 . 2003-02-26 22:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2008-02-25 06:27 . 2008-02-25 06:27 56 --a------ C:\WINDOWS\wb.ini
2008-02-25 05:31 . 2008-02-25 05:31 <DIR> d-------- C:\THE_BROTHERS_SOLOMON
2008-02-25 04:56 . 2008-02-25 05:00 <DIR> d-------- C:\the condemed
2008-02-25 04:55 . 2008-02-25 04:55 <DIR> d-------- C:\temp_dvd
2008-02-25 04:54 . 2008-02-25 06:06 <DIR> d-------- C:\Program Files\Dvd-cloner
2008-02-24 23:44 . 2008-03-03 21:59 <DIR> d-------- C:\Documents and Settings\Aaron Leyshan\Application Data\Gamelab
2008-02-23 03:33 . 2008-02-23 03:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Legacy Interactive
2008-02-23 03:21 . 2008-02-25 20:37 125 --a------ C:\ioSpecial.ini
2008-02-23 01:06 . 2008-02-23 01:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Valusoft
2008-02-23 01:06 . 2008-02-23 01:06 <DIR> d-------- C:\Documents and Settings\Aaron Leyshan\Application Data\Valusoft
2008-02-22 23:15 . 2008-02-22 23:15 <DIR> d-------- C:\Program Files\iriver
2008-02-19 00:28 . 2008-02-19 00:28 <DIR> d-------- C:\Documents and Settings\Aaron Leyshan\Application Data\Home Sweet Home
2008-02-19 00:19 . 2008-02-19 00:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-02-18 00:50 . 2008-02-23 02:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-02-18 00:50 . 2008-02-26 02:12 <DIR> d-------- C:\Documents and Settings\Aaron Leyshan\Application Data\PlayFirst
2008-02-17 23:50 . 2008-02-17 23:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
2008-02-17 18:49 . 2008-02-17 18:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Oberon Games
2008-02-17 18:49 . 2008-02-17 18:49 <DIR> d-------- C:\Documents and Settings\Aaron Leyshan\Application Data\Oberon Games
2008-02-16 17:49 . 2008-02-16 17:50 <DIR> d-------- C:\CLT
2008-02-16 17:49 . 2001-05-03 16:20 1,953,792 --a------ C:\WINDOWS\system\MSDXM.OCX
2008-02-16 17:49 . 2008-02-16 17:49 286,720 --------- C:\WINDOWS\Setup1.exe
2008-02-16 17:49 . 2008-02-16 17:49 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-02-12 23:20 . 2008-02-12 23:24 <DIR> d-------- C:\Disk images

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-12 08:42 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-03-12 01:46 --------- d-----w C:\Documents and Settings\Aaron Leyshan\Application Data\uTorrent
2008-03-12 01:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-12 01:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-09 14:59 --------- d-----w C:\Program Files\PowerISO
2008-03-05 04:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-05 04:26 --------- d-----w C:\Program Files\InterVideo
2008-03-05 04:26 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-05 01:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-03 09:13 --------- d-----w C:\Documents and Settings\Aaron Leyshan\Application Data\LimeWire
2008-03-02 16:05 0 ----a-w C:\Program Files\temp01
2008-03-01 16:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-10 09:33 --------- d-----w C:\Program Files\Mio Technology
2008-02-10 07:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-10 07:14 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-02-06 21:43 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll
2008-02-06 21:43 31,408 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys
2008-02-06 21:43 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll
2008-02-06 21:43 13,021 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2008-02-05 19:34 96,432 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2008-02-05 19:34 41,008 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2008-02-05 19:34 38,576 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2008-02-05 19:34 37,424 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2008-02-05 19:34 22,320 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2008-02-05 19:34 188,464 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2008-02-05 19:34 13,616 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2008-02-05 19:34 1,612 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2008-02-04 20:27 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2008-02-04 20:27 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2008-02-04 20:27 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2008-02-02 02:26 --------- d-----w C:\Program Files\Project64 1.6
2008-02-01 22:55 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2008-02-01 22:55 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2008-02-01 22:55 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2008-02-01 01:51 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2008-02-01 01:51 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2008-02-01 01:51 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2008-01-29 13:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-01-27 07:40 --------- d-----w C:\Program Files\EA GAMES
2008-01-27 07:33 --------- d-----w C:\Program Files\Alcohol Soft
2008-01-22 11:08 --------- d-----w C:\Program Files\uTorrent
2008-01-15 17:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 13:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-13 02:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-04 05:51 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-01-04 05:51 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-01-04 05:51 22,328 ----a-w C:\Documents and Settings\Aaron Leyshan\Application Data\PnkBstrK.sys
2008-01-04 05:51 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-03 06:16 3,381,280 ----a-w C:\LimeWireWin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-03-02 03:24 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe" [2004-11-12 12:50 212992]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 23:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-11-04 22:53 868352]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2007-11-04 22:53 729088]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2007-11-04 22:53 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2007-11-04 22:53 1953792]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe" [2007-11-04 22:53 363008]
"Ai Gear Help"="C:\Program Files\ASUS\AI Gear\GearHelp.exe" [2006-07-27 20:39 415744]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 03:43 8466432]
"nwiz"="nwiz.exe" [2007-11-04 22:53 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 03:43 81920]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-03-29 11:41 1245184]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49 49152]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 12:10 409600]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 23:25 28160 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 23:25 28160 C:\WINDOWS\KHALMNPR.Exe]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2005-11-03 02:56 1110079]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2005-11-03 02:42 188928]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-26 12:47 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2008-02-07 17:49 718704]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-05 15:28 180269]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 23:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-12-29 19:54:24 303104]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-23 18:56:08 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Nap]
--a------ 2007-11-05 00:20 1419776 C:\Program Files\ASUS\AI Nap\AiNap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
--a------ 2007-11-05 20:03 1122304 C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
--a------ 2007-11-05 20:02 380928 C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
--a------ 2007-11-05 20:02 3714048 C:\Program Files\ASUS\AI Booster\OverClk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\PROGRA~1\\WINZIP\\wzqkpick.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\bin\\nSvcAppFlt.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-22 03:17]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-08-28 10:58]
R3 ASUSVRC;ASUSTeK Virtual Capture Device;C:\WINDOWS\system32\DRIVERS\AsusVRC.sys [2007-01-29 17:12]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-02-07 08:43]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-08-28 10:58]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-13 13:32]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-02-07 08:43]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-10 09:50:21 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Aaron Leyshan.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-12 19:49:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-12 19:50:34
ComboFix-quarantined-files.txt 2008-03-12 08:50:19
ComboFix2.txt 2008-03-11 10:23:09
.
2008-03-09 11:20:07 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:52:15 PM, on 12/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\AI Gear\GearHelp.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Aaron Leyshan\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe
O4 - HKLM\..\Run: [Ai Gear Help] "C:\Program Files\ASUS\AI Gear\GearHelp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 11574 bytes



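The log above is what the helper reads by eye. As an added example (not from the thread, nor from HijackThis or Trend Micro), here is a small Python triage helper that parses the O4 Run and O23 Service lines of that format and flags what a log reader checks by hand: autorun entries with no drive-qualified path, entries launched from user-writable directories, and services listed with an unknown owner. Three of the sample lines are copied from the log above; the fourth is constructed for the example.

```python
import re

# Sample HijackThis v2.0.2 lines. The first three are copied from the log posted
# above; the fourth is CONSTRUCTED for this example (not from the log) so the
# user-writable-directory check has something to flag.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O4 - HKCU\..\Run: [example] C:\DOCUME~1\user\LOCALS~1\Temp\example.exe
"""

# O4 = registry Run entries, O23 = installed services (HijackThis section codes).
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Directories an ordinary user can write to; autoruns living there need a look.
USER_WRITABLE = ("\\temp\\", "\\desktop\\", "\\application data\\", "\\locals~1\\")


def executable_of(cmd):
    """Return the executable from an O4 command line, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text):
    """Return (line, reason) pairs for entries a log reader would check by hand."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            if ":\\" not in exe:
                # No drive-qualified path: Windows resolves it via the search order.
                findings.append((line, "no full path"))
            elif any(d in exe.lower() for d in USER_WRITABLE):
                findings.append((line, "runs from a user-writable directory"))
            continue
        m = O23_RE.match(line)
        if m and m.group("owner").lower() == "unknown owner":
            findings.append((line, "service with no publisher information"))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

A flag is a prompt to look up the file, not a verdict: the two unqualified entries in the real log (nwiz.exe, KHALMNPR.EXE) are legitimate vendor autoruns.
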
Response Number 5
Name: jabuck
Date: March 12, 2008 at 03:25:24 Pacific
Subject: Help Pos.tmp files virus
Reply:
Your log is clean.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Download CCleaner from the following link:

http://filehippo.com/download_ccleaner/

After you download it to your desktop and begin installing it, only allow the "install icon on desktop" to install. Then run it, and use it only as suggested: it's powerful, so use only the prechecked items.

Your Java is out of date and can be exploited.
Download the latest version of Java from this link: Java
Click on the JDK 6 Update 5 download button.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save it to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jdk-6u5-windows-i586-p.exe to install the newest version.




Response Number 6
Name: aaronleyshan
Date: March 12, 2008 at 03:57:24 Pacific
Subject: Help Pos.tmp files virus
Reply:
Thanks heaps!!


Response Number 7
Name: jabuck
Date: March 12, 2008 at 14:23:22 Pacific
Subject: Help Pos.tmp files virus
Reply:
Glad we could help.



All content ©1996-2007 Computing.Net, LLC