Welcome to Lockergnome.com!

My USB Internet disables itself randomly

Joram (Joined: Jun 24, 2003, Posts: 240)
(Msg. 1) Posted: Tue Mar 11, 2008 11:54 am
Post subject: My USB Internet disables itself randomly

I recently killed my computer, yes again, and with this new install my USB internet connection disables itself. I've been running it this way for a long time without any issue. The only way to get it back is to reboot, but shutting down takes forever...

Here's my log, seems there has to be something not good in there:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:55:54 AM, on 3/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Roger\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8B992D30-C3A6-4ADD-B64B-07139A5E1FF1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {F4A51A0C-9142-4531-8911-3F38AEDF0A36} - C:\WINDOWS\system32\geede.dll
O2 - BHO: (no name) - {FBD29C3C-C642-4843-A627-6E54A947B511} - C:\WINDOWS\system32\jkkijjk.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/c...nt/muwe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: jkkijjk - C:\WINDOWS\SYSTEM32\jkkijjk.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 10334 bytes

Thank you again for your time.

Joram
greyknight17 (Joined: Feb 03, 2003, Posts: 4825, Location: Brooklyn, NY)
(Msg. 2) Posted: Sun Mar 30, 2008 9:45 pm
Post subject: Re: My USB Internet disables itself randomly

Print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should NOT have any open browsers when you are following the procedures below.

Download VundoFix at http://www.atribune.org/ccount/click.php?id=4 and save it to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files. Click Yes.
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer. Click OK.
- Post the contents of C:\vundofix.txt here.

NOTE: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot. Simply follow the above instructions starting from Click the Scan for Vundo button when VundoFix appears upon rebooting.


Go to http://www.bleepingcomputer.com/combofix/how-to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
Joram (Joined: Jun 24, 2003, Posts: 240)
(Msg. 3) Posted: Thu Apr 03, 2008 9:05 pm

I did the Vundo Fix and here's the txt file:


VundoFix V7.0.3

Scan started at 5:59:50 PM 4/3/2008

Listing files found while scanning....

C:\WINDOWS\system32\lkuqmyqe.dll
C:\WINDOWS\system32\rttss.ini
C:\WINDOWS\system32\rttss.ini2
C:\WINDOWS\system32\ssttr.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\lkuqmyqe.dll
C:\WINDOWS\system32\lkuqmyqe.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\rttss.ini
C:\WINDOWS\system32\rttss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\rttss.ini2
C:\WINDOWS\system32\rttss.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssttr.dll
C:\WINDOWS\system32\ssttr.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\lkuqmyqe.dll
C:\WINDOWS\system32\lkuqmyqe.dll Has been deleted!

Performing Repairs to the registry.
Done!


And now to do the Combo fix...
Joram (Joined: Jun 24, 2003, Posts: 240)
(Msg. 4) Posted: Thu Apr 03, 2008 9:26 pm

And here's the ComboFix log:

ComboFix 08-04-03.3 - Roger 2008-04-03 18:15:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1557 [GMT -7:00]
Running from: C:\Documents and Settings\Roger\My Documents\My Completed Downloads\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM5b393edc.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\acbeg.ini
C:\WINDOWS\system32\acbeg.ini2
C:\WINDOWS\system32\edeeg.ini
C:\WINDOWS\system32\edeeg.ini2
C:\WINDOWS\system32\hhhkj.ini
C:\WINDOWS\system32\hhhkj.ini2
C:\WINDOWS\system32\jkkijjk.dll
C:\WINDOWS\system32\nnnmp.ini
C:\WINDOWS\system32\nnnmp.ini2
C:\WINDOWS\system32\vxxochil.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.

2008-04-03 17:59 . 2008-04-03 18:06 <DIR> d-------- C:\VundoFix Backups
2008-04-02 23:49 . 2008-04-02 23:49 294 --ahs---- C:\WINDOWS\system32\ubnmqsnm.ini
2008-04-02 23:45 . 2008-04-02 23:45 91,712 --------- C:\WINDOWS\system32\rwhlnoxw.dll_old
2008-04-02 06:40 . 2008-04-02 06:40 294 --ahs---- C:\WINDOWS\system32\ehvhkuhp.ini
2008-04-02 06:37 . 2008-04-02 06:37 265,728 --a------ C:\WINDOWS\system32\pmnnn.dll_old
2008-03-28 23:33 . 2008-03-28 23:33 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-03-17 18:19 . 2008-03-17 18:19 <DIR> d-------- C:\Program Files\Mindscape
2008-03-17 09:19 . 2008-03-17 09:27 <DIR> d-------- C:\Program Files\RegCleaner
2008-03-16 08:56 . 2008-03-16 08:59 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-03-16 08:56 . 2008-03-16 08:56 <DIR> d-------- C:\Program Files\Ubisoft
2008-03-16 08:56 . 2008-03-16 08:56 <DIR> d--h----- C:\Documents and Settings\Roger\InstallAnywhere
2008-03-16 07:16 . 2008-03-31 00:10 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2008-03-14 19:09 . 2008-03-14 19:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-03-14 19:09 . 2007-03-29 04:42 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-03-14 19:05 . 2008-03-14 19:05 <DIR> d-------- C:\Documents and Settings\Roger\Application Data\Uniblue
2008-03-12 06:35 . 2008-03-12 06:36 <DIR> d-------- C:\Documents and Settings\Roger\.SunDownloadManager
2008-03-11 13:20 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-11 12:23 . 2008-03-16 10:18 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
2008-03-11 09:01 . 2008-03-11 09:01 <DIR> d-------- C:\Program Files\InterMute
2008-03-09 23:04 . 2008-04-03 17:53 434 --a------ C:\WINDOWS\wininit.ini
2008-03-09 22:45 . 2008-04-02 22:15 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-09 22:45 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-03-09 22:21 . 2008-03-09 22:21 <DIR> d-------- C:\Program Files\GoldEsel
2008-03-09 22:21 . 2008-03-09 22:21 <DIR> d-------- C:\Program Files\Ahead
2008-03-08 19:06 . 2008-03-08 19:06 <DIR> d-------- C:\Program Files\CCleaner
2008-03-08 18:56 . 2008-03-08 18:56 <DIR> d-------- C:\Documents and Settings\Roger\Application Data\SystemRequirementsLab
2008-03-04 20:49 . 2008-03-04 20:49 <DIR> d-------- C:\Program Files\Wizards of the Coast

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 01:17 --------- d-----w C:\Program Files\PeerGuardian2
2008-04-04 01:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-03 06:30 --------- d-----w C:\Documents and Settings\Roger\Application Data\Azureus
2008-04-03 06:19 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-03 05:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-01 00:21 --------- d-----w C:\Documents and Settings\Roger\Application Data\Apple Computer
2008-03-18 01:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 16:16 382 ----a-w C:\Program Files\Shortcut to Program Files.lnk
2008-03-16 14:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-15 02:15 --------- d-----w C:\Program Files\Azureus
2008-03-07 04:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 04:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 04:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-03-02 03:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-02 03:46 --------- d-----w C:\Program Files\Lavasoft
2008-03-02 03:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-02 03:24 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-01 05:31 --------- d-----w C:\Program Files\MagicDisc
2008-02-27 02:20 --------- d-----w C:\Program Files\Google
2008-02-26 20:22 --------- d-----w C:\Program Files\WinAce
2008-02-23 05:49 --------- d-----w C:\Program Files\PCPitstop
2008-02-23 04:44 --------- d-----w C:\Documents and Settings\Roger\Application Data\OfficeUpdate12
2008-02-23 04:43 --------- d-----w C:\Program Files\Snapshot Viewer
2008-02-23 03:41 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-02-23 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-02-23 03:40 --------- d-----w C:\Program Files\Common Files\HP
2008-02-23 03:38 --------- d-----w C:\Program Files\Hewlett-Packard
2008-02-23 02:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBT
2008-02-23 02:03 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-23 01:58 --------- d-----w C:\Documents and Settings\Roger\Application Data\Microsoft Web Folders
2008-02-23 01:25 --------- d-----w C:\Program Files\iTunes
2008-02-23 01:25 --------- d-----w C:\Program Files\iPod
2008-02-23 01:25 --------- d-----w C:\Program Files\Bonjour
2008-02-23 01:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-23 01:24 --------- d-----w C:\Program Files\QuickTime
2008-02-23 01:24 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-23 01:24 --------- d-----w C:\Program Files\Apple Software Update
2008-02-23 01:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-22 01:22 --------- d-----w C:\Program Files\Atari
2008-02-22 01:08 --------- d-----w C:\Documents and Settings\Roger\Application Data\Ahead
2008-02-21 02:05 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-02-21 00:28 --------- d-----w C:\Program Files\MagicISO
2008-02-20 13:10 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-19 21:54 --------- d-----w C:\Documents and Settings\Roger\Application Data\HP
2008-02-19 19:49 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-19 19:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-02-19 19:48 --------- d-----w C:\Program Files\Nero
2008-02-19 19:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-19 19:27 --------- d-----w C:\Documents and Settings\Roger\Application Data\Grisoft
2008-02-19 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-19 18:58 --------- d-----w C:\Documents and Settings\Roger\Application Data\Media Player Classic
2008-02-19 18:47 --------- d-----w C:\Program Files\VideoLAN
2008-02-19 16:16 --------- d-----w C:\Program Files\DAP
2008-02-19 00:29 96,256 ----a-w C:\WINDOWS\system32\drivers\mcdbus.sys
2008-02-15 04:46 --------- d-----w C:\Documents and Settings\Roger\Application Data\TuneUp Software
2008-02-15 04:41 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-15 04:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-02-15 04:35 --------- d-----w C:\Program Files\Java
2008-02-15 04:34 --------- d-----w C:\Program Files\Common Files\Java
2008-02-15 04:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-02-15 04:09 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-15 04:09 --------- d-----w C:\Program Files\Yahoo!
2008-02-15 04:09 --------- d-----w C:\Program Files\Windows Live
2008-02-15 04:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-15 00:05 --------- d-----w C:\Program Files\Logitech
2008-02-15 00:05 --------- d-----w C:\Program Files\Common Files\Logitech
2008-02-15 00:04 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-02-14 00:53 --------- d-----w C:\Program Files\HP
2008-02-14 00:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-02-14 00:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-02-14 00:12 --------- d-----w C:\Program Files\MSXML 6.0
2008-02-14 00:05 --------- d-----w C:\Program Files\MSBuild
2008-02-14 00:03 --------- d-----w C:\Program Files\Reference Assemblies
2008-02-14 00:01 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-12 14:08 --------- d-----w C:\Program Files\Norton 360
2008-02-12 10:03 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-12 10:03 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-12 10:03 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-12 10:03 --------- d-----w C:\Program Files\Symantec
2008-02-12 07:37 --------- d-----w C:\Documents and Settings\Roger\Application Data\Symantec
2008-02-12 06:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-12 06:32 --------- d-----w C:\Documents and Settings\Roger\Application Data\AdobeUM
2008-02-12 06:14 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-02-12 05:31 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-02-12 05:31 --------- d-----w C:\Program Files\Common Files\NVIDIA Shared
2008-02-12 05:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2005-05-12 06:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ea8df73-ed55-4826-96da-2893539a928c}]
C:\WINDOWS\system32\rwhlnoxw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8327BE17-3FD9-49A6-B0FC-1B9B97B93223}]
C:\WINDOWS\system32\jkhhh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84287134-BD27-4D64-95A3-E4CAFD38FBCA}]
C:\WINDOWS\system32\pmnnn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CB46795-9901-49BC-91C2-4E527BB6CADC}]
C:\WINDOWS\system32\ssttr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-11 23:31 171448]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-09-02 00:25 83968]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 17:53 131072]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 18:54 116072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 14:22 3739648]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"580a0d40"="C:\WINDOWS\system32\mnsqmnbu.dll" [ ]
"BM5b393edc"="C:\WINDOWS\system32\lkuqmyqe.dll" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkijjk]
jkkijjk.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 05:00]
S3 FXDRV;FXDRV;D:\Fxdrv.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c18c8ef-d8b3-11dc-8c14-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-22 00:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-03-31 20:36:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 18:19:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2008-04-03 18:21:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-04 01:21:27
Pre-Run: 57,673,150,464 bytes free
Post-Run: 57,528,811,520 bytes free
.
2008-03-12 10:01:20 --- E O F ---
Joram (Joined: Jun 24, 2003, Posts: 240)
(Msg. 5) Posted: Fri Apr 04, 2008 2:17 am

Weird, my USB connection (and all other connections, wireless too) disabled itself again. I was in the middle of something online... exactly what, I don't recall, and my modem reset itself and I couldn't connect at all.

And when my computer reboots, I get these 2 prompts:
Error loading C:\WINDOWS\system32\mnsqmnbu.dll
The Specified module could not be found.

Error loading C:\WINDOWS\system32\lkuqmyqe.dll
The Specified module could not be found.

Clicking OK on each doesn't seem to affect anything, but they pop up every time.
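The two things a helper reads out of the logs in this thread, as an added example that is not the forum's, HijackThis's or ComboFix's own code: the HijackThis O2/O20 lines that point at a Vundo-style infection, and the ComboFix Run values with an empty `[ ]` that explain the "Error loading ..." prompts at logon (the DLL is gone but its autostart value is still there). The random-name heuristic, the 5-8 letter threshold and the severity labels are my assumptions.

```python
"""Triage of HijackThis and ComboFix log lines for Vundo-style indicators.

Added example for this thread; not code from the forum or from either tool.
The name heuristic and severities are assumptions; an analyst still verifies
each hit (vendor signature, hash lookup) before deleting anything.
"""
import re

# Heuristic (assumption): Vundo drops DLLs with short, all-lowercase, meaningless
# basenames (jkkijjk.dll, ssttr.dll, pmnnn.dll, lkuqmyqe.dll in the logs above).
# On its own it is noisy (browseui.dll would match too), so it is only applied in
# the context of an unnamed BHO or a Winlogon Notify entry, never alone.
RANDOM_DLL = re.compile(r"^[a-z]{5,8}\.dll$")
SYSTEM32 = re.compile(r"^c:\\windows\\system32\\[^\\]+$", re.IGNORECASE)
O2_BHO = re.compile(r"^O2 - BHO: (.*?) - \{[0-9A-Fa-f-]{36}\} - (.*)$")
O20_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")
# ComboFix prints each Run value as "name"="path" [date time size]; an empty [ ]
# means it could not stat the target, i.e. the file no longer exists on disk.
CF_RUN = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[(.*)\]$')


def looks_random_system32_dll(path: str) -> bool:
    """True for a DLL directly under system32 whose basename matches the junk-name heuristic."""
    if not SYSTEM32.match(path):
        return False
    return RANDOM_DLL.match(path.rsplit("\\", 1)[-1].lower()) is not None


def triage_hjt_line(line: str):
    """Return (severity, reason) for a suspicious HijackThis line, else None."""
    s = line.strip()
    m = O2_BHO.match(s)
    if m:
        name, path = m.group(1), m.group(2)
        if path == "(no file)":
            return ("low", "BHO CLSID registered but DLL missing (leftover from a removal)")
        if name == "(no name)" and looks_random_system32_dll(path):
            return ("high", "unnamed BHO loading random-named DLL from system32")
        return None
    m = O20_NOTIFY.match(s)
    if m:
        if looks_random_system32_dll(m.group(2)):
            return ("high", "Winlogon Notify DLL with random name (loaded into winlogon.exe)")
        return ("low", "Winlogon Notify entry: confirm the vendor")
    return None


def triage_combofix_run_value(line: str):
    """Return (severity, reason) for a Run value whose target file is missing, else None."""
    m = CF_RUN.match(line.strip())
    if not m:
        return None
    name, path, meta = m.groups()
    if meta.strip() == "":
        return ("medium", f"Run value {name!r} points to missing {path}; "
                          "this is the 'Error loading' prompt seen at logon")
    return None


def triage(lines):
    """Run both checks over log lines; returns [(line, severity, reason), ...]."""
    findings = []
    for line in lines:
        hit = triage_hjt_line(line) or triage_combofix_run_value(line)
        if hit:
            findings.append((line.strip(), hit[0], hit[1]))
    return findings


# Sample input: lines copied from the HijackThis and ComboFix logs posted in this thread.
SAMPLE = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll",
    r"O2 - BHO: (no name) - {8B992D30-C3A6-4ADD-B64B-07139A5E1FF1} - (no file)",
    r"O2 - BHO: (no name) - {F4A51A0C-9142-4531-8911-3F38AEDF0A36} - C:\WINDOWS\system32\geede.dll",
    r"O2 - BHO: (no name) - {FBD29C3C-C642-4843-A627-6E54A947B511} - C:\WINDOWS\system32\jkkijjk.dll",
    r"O20 - Winlogon Notify: jkkijjk - C:\WINDOWS\SYSTEM32\jkkijjk.dll",
    r'"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]',
    r'"580a0d40"="C:\WINDOWS\system32\mnsqmnbu.dll" [ ]',
    r'"BM5b393edc"="C:\WINDOWS\system32\lkuqmyqe.dll" [ ]',
]

if __name__ == "__main__":
    for line, sev, why in triage(SAMPLE):
        print(f"[{sev}] {why}\n    {line}")
```

The unnamed Symantec BHO (NppBho.dll) is deliberately not flagged: "(no name)" alone is not an indicator, only "(no name)" combined with a junk-named DLL in system32.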
Joram (Joined: Jun 24, 2003, Posts: 240)
(Msg. 6) Posted: Fri Apr 04, 2008 9:07 am

And here is the Hijack log after all that:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:13:59 AM, on 4/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Roger\Desktop\Fixits\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {c829a935-3982-ad69-6284-55de37fd8ae0} - {0ea8df73-ed55-4826-96da-2893539a928c} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8327BE17-3FD9-49A6-B0FC-1B9B97B93223} - (no file)
O2 - BHO: (no name) - {84287134-BD27-4D64-95A3-E4CAFD38FBCA} - (no file)
O2 - BHO: (no name) - {8CB46795-9901-49BC-91C2-4E527BB6CADC} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [580a0d40] rundll32.exe "C:\WINDOWS\system32\mnsqmnbu.dll",b
O4 - HKLM\..\Run: [BM5b393edc] Rundll32.exe "C:\WINDOWS\system32\lkuqmyqe.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/c...nt/muwe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: jkkijjk - jkkijjk.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9894 bytes
greyknight17
Joined: Feb 03, 2003
Posts: 4825
Location: Brooklyn, NY

(Msg. 7) Posted: Mon Apr 07, 2008 9:28 pm

Double click on this file (C:\WINDOWS\wininit.ini) to open it. Post the contents of that file here.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text into the quote box below:
Quote:
File::
C:\WINDOWS\system32\rwhlnoxw.dll
C:\WINDOWS\system32\jkhhh.dll
C:\WINDOWS\system32\pmnnn.dll
C:\WINDOWS\system32\ssttr.dll
C:\WINDOWS\system32\ubnmqsnm.ini
C:\WINDOWS\system32\rwhlnoxw.dll_old
C:\WINDOWS\system32\ehvhkuhp.ini
C:\WINDOWS\system32\pmnnn.dll_old

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ea8df73-ed55-4826-96da-2893539a928c}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8327BE17-3FD9-49A6-B0FC-1B9B97B93223}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84287134-BD27-4D64-95A3-E4CAFD38FBCA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CB46795-9901-49BC-91C2-4E527BB6CADC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"580a0d40"=-
"BM5b393edc"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkijjk]

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on ComboFix's window while it's running. That may cause it to stall.

Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoftware.com/products/activescan.htm

* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Post that log in your next reply.

Any improvement?
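The CFScript in the post above removes three kinds of entries from the HijackThis log: BHO CLSIDs with "(no file)" behind them, the two Run values with machine-looking names that load a DLL through rundll32, and the Winlogon Notify package whose DLL is missing. As an added example, not code from HijackThis, ComboFix or anyone in this thread, the Python below applies those three checks to a constructed sample of log lines and writes the matching Registry:: directives in the same layout as the quote box; the 8-hex-digit-name and one-letter-export heuristics are my assumptions, not rules HijackThis applies.

```python
"""Triage HijackThis v2 log lines for the three entry patterns the thread's CFScript removes.

Added example for this thread; it is not code from HijackThis, ComboFix or the
thread's participants. The sample lines are constructed from entries quoted above.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: legitimate entries mixed with the ones the CFScript targets.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {c829a935-3982-ad69-6284-55de37fd8ae0} - {0ea8df73-ed55-4826-96da-2893539a928c} - (no file)
O2 - BHO: (no name) - {8327BE17-3FD9-49A6-B0FC-1B9B97B93223} - (no file)
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [580a0d40] rundll32.exe "C:\WINDOWS\system32\mnsqmnbu.dll",b
O4 - HKLM\..\Run: [BM5b393edc] Rundll32.exe "C:\WINDOWS\system32\lkuqmyqe.dll",s
O20 - Winlogon Notify: jkkijjk - jkkijjk.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# HijackThis line shapes (O2 = BHO, O4 = Run value, O20 = Winlogon Notify).
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<rest>.*)$")
# rundll32 <dll>,<export>; the export is the function the DLL is asked to run.
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S*)$', re.IGNORECASE)
# Heuristic (my assumption, not a HijackThis rule): 8 hex digits, optionally
# prefixed "BM", as in the thread's "580a0d40" and "BM5b393edc" values.
RANDOM_RUN_NAME = re.compile(r"(?:BM)?[0-9a-f]{8}")

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
# Key paths written exactly as they appear in the quote box above.
BHO_KEY = r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects"
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"


@dataclass
class Finding:
    line: str
    reason: str
    key: str              # registry key the entry lives under
    value: Optional[str]  # None: remove the whole key; otherwise remove this value


def triage(log_text: str) -> List[Finding]:
    """Return the log lines that match the patterns the thread's CFScript removes."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            if m["path"] == "(no file)":
                findings.append(Finding(line, "BHO CLSID registered but its DLL is gone",
                                        f"{BHO_KEY}\\{m['clsid']}", None))
            continue
        m = RUN_RE.match(line)
        if m:
            reasons = []
            if RANDOM_RUN_NAME.fullmatch(m["name"]):
                reasons.append("Run value name looks machine-generated")
            r = RUNDLL_RE.match(m["cmd"])
            if r and len(r["export"]) == 1:
                reasons.append("rundll32 loads a DLL through a one-letter export")
            if reasons:
                key = f"{HIVES[m['hive']]}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
                findings.append(Finding(line, "; ".join(reasons), key, m["name"]))
            continue
        m = NOTIFY_RE.match(line)
        if m and "(file missing)" in m["rest"]:
            findings.append(Finding(line, "Winlogon Notify package whose DLL is missing",
                                    f"{NOTIFY_KEY}\\{m['name']}", None))
    return findings


def build_cfscript(findings: List[Finding]) -> str:
    """Write a Registry:: section in the layout greyknight17 used: [-key] deletes a
    key, and "value"=- under a [key] header deletes one value."""
    out = ["Registry::"]
    by_key = {}
    for f in findings:
        if f.value is None:
            out.append(f"[-{f.key}]")
        else:
            by_key.setdefault(f.key, []).append(f.value)
    for key, values in by_key.items():
        out.append(f"[{key}]")
        out.extend(f'"{v}"=-' for v in values)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.reason}: {f.line}")
    print(build_cfscript(hits))
```

The legitimate NvCplDaemon entry also goes through rundll32 but is not flagged, because its export name (NvStartup) is not a single letter and its Run value name is not hex.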
Joram
Joined: Jun 24, 2003
Posts: 240

(Msg. 8) Posted: Thu Apr 17, 2008 2:25 am
Post subject: C:\WINDOWS\wininit.ini contents

[rename]
c:\tempjunk9075.tmp=C:\WINDOWS\system32\gebca.dll_old
nul=c:\tempjunk7023.tmp
c:\tempjunk8576.tmp=C:\WINDOWS\system32\geede.dll_old
c:\tempjunk5694.tmp=C:\WINDOWS\system32\awwgjklb.dll_old
c:\tempjunk2357.tmp=C:\WINDOWS\system32\phukhvhe.dll_old
c:\tempjunk4853.tmp=C:\WINDOWS\system32\bfhksmth.dll_old
c:\tempjunk6897.tmp=C:\WINDOWS\system32\jkhhh.dll_old
c:\tempjunk7242.tmp=C:\WINDOWS\system32\mnsqmnbu.dll_old
c:\tempjunk8602.tmp=C:\WINDOWS\system32\pmnnn.dll_old
c:\tempjunk7023.tmp=C:\WINDOWS\system32\rwhlnoxw.dll_old
Joram
Joined: Jun 24, 2003
Posts: 240

(Msg. 9) Posted: Thu Apr 17, 2008 2:30 am

What exactly do you want next? Do you want me to copy what you put in the quote box? Or does something else get put into my Notepad?
Joram
Joined: Jun 24, 2003
Posts: 240

(Msg. 10) Posted: Thu Apr 17, 2008 2:42 am

I copied the quote box stuff and dragged it onto ComboFix... Here's the report:

ComboFix 08-04-16.5 - Roger 2008-04-16 23:46:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1514 [GMT -7:00]
Running from: C:\Documents and Settings\Roger\My Documents\My Completed Downloads\ComboFix.exe
Command switches used :: C:\Documents and Settings\Roger\My Documents\My Completed Downloads\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\ehvhkuhp.ini
C:\WINDOWS\system32\jkhhh.dll
C:\WINDOWS\system32\pmnnn.dll
C:\WINDOWS\system32\pmnnn.dll_old
C:\WINDOWS\system32\rwhlnoxw.dll
C:\WINDOWS\system32\rwhlnoxw.dll_old
C:\WINDOWS\system32\ssttr.dll
C:\WINDOWS\system32\ubnmqsnm.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ehvhkuhp.ini
C:\WINDOWS\system32\ubnmqsnm.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
.

2008-04-16 20:30 . 2008-04-16 20:30 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-15 20:42 . 2008-04-14 19:27 261,120 --------- C:\WINDOWS\hpqins16.dat.temp
2008-04-15 19:02 . 2008-04-15 19:03 <DIR> d-------- C:\Program Files\Panda Security
2008-04-14 19:27 . 2008-04-15 20:50 96,577 --a------ C:\WINDOWS\hpqins16.dat
2008-04-09 23:30 . 2008-04-09 23:30 <DIR> d-------- C:\Program Files\iPod
2008-04-06 09:56 . 2008-04-06 09:56 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-04-06 08:35 . 2008-04-15 21:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-06 08:35 . 2008-04-06 08:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-05 06:59 . 2008-04-05 06:59 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-05 06:59 . 2008-03-29 11:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-04-05 06:59 . 2004-01-09 02:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-04-05 06:59 . 2008-03-29 11:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-04-05 06:59 . 2008-03-29 11:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-04-05 06:59 . 2008-01-17 09:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-04-05 06:59 . 2008-03-29 11:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-05 06:59 . 2008-03-29 11:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-04-05 06:59 . 2008-03-29 11:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-04-05 06:59 . 2008-03-29 11:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-04-05 06:59 . 2008-03-29 11:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-05 06:52 . 2008-04-05 06:58 <DIR> d-------- C:\Program Files\Tweak-XP Pro 4
2008-04-05 06:52 . 2008-04-05 06:52 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-04-04 22:07 . 2008-04-05 22:06 <DIR> d-------- C:\Program Files\XoftSpySE
2008-04-04 18:44 . 2008-04-04 18:44 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-03 17:59 . 2008-04-05 09:21 <DIR> d-------- C:\VundoFix Backups
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-28 23:33 . 2008-03-28 23:33 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-03-17 18:19 . 2008-03-17 18:19 <DIR> d-------- C:\Program Files\Mindscape
2008-03-17 09:19 . 2008-03-17 09:27 <DIR> d-------- C:\Program Files\RegCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 06:46 --------- d-----w C:\Program Files\PeerGuardian2
2008-04-17 06:24 --------- d-----w C:\Program Files\Azureus
2008-04-17 06:24 --------- d-----w C:\Documents and Settings\Roger\Application Data\Azureus
2008-04-17 03:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-17 03:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-16 06:00 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-16 06:00 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-15 02:26 --------- d-----w C:\Program Files\HP
2008-04-14 20:08 --------- d-----w C:\Documents and Settings\Roger\Application Data\Ahead
2008-04-10 06:30 --------- d-----w C:\Program Files\iTunes
2008-04-10 06:29 --------- d-----w C:\Program Files\QuickTime
2008-04-01 00:21 --------- d-----w C:\Documents and Settings\Roger\Application Data\Apple Computer
2008-03-31 07:10 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 01:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 16:16 382 ----a-w C:\Program Files\Shortcut to Program Files.lnk
2008-03-16 17:18 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 4
2008-03-16 15:59 --------- d--h--w C:\Program Files\Zero G Registry
2008-03-16 15:56 --------- d-----w C:\Program Files\Ubisoft
2008-03-16 14:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-15 02:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-03-15 02:05 --------- d-----w C:\Documents and Settings\Roger\Application Data\Uniblue
2008-03-11 16:01 --------- d-----w C:\Program Files\InterMute
2008-03-10 05:21 --------- d-----w C:\Program Files\GoldEsel
2008-03-10 05:21 --------- d-----w C:\Program Files\Ahead
2008-03-09 02:06 --------- d-----w C:\Program Files\CCleaner
2008-03-09 01:56 --------- d-----w C:\Documents and Settings\Roger\Application Data\SystemRequirementsLab
2008-03-05 03:49 --------- d-----w C:\Program Files\Wizards of the Coast
2008-03-02 03:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-02 03:46 --------- d-----w C:\Program Files\Lavasoft
2008-03-02 03:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-02 03:24 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-01 05:31 --------- d-----w C:\Program Files\MagicDisc
2008-02-27 02:20 --------- d-----w C:\Program Files\Google
2008-02-26 20:22 --------- d-----w C:\Program Files\WinAce
2008-02-23 05:49 --------- d-----w C:\Program Files\PCPitstop
2008-02-23 04:44 --------- d-----w C:\Documents and Settings\Roger\Application Data\OfficeUpdate12
2008-02-23 04:43 --------- d-----w C:\Program Files\Snapshot Viewer
2008-02-23 03:41 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-02-23 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-02-23 03:40 --------- d-----w C:\Program Files\Common Files\HP
2008-02-23 02:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBT
2008-02-23 02:03 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-23 01:58 --------- d-----w C:\Documents and Settings\Roger\Application Data\Microsoft Web Folders
2008-02-23 01:25 --------- d-----w C:\Program Files\Bonjour
2008-02-23 01:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-23 01:24 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-23 01:24 --------- d-----w C:\Program Files\Apple Software Update
2008-02-23 01:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-22 01:22 --------- d-----w C:\Program Files\Atari
2008-02-21 02:05 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-02-21 00:28 --------- d-----w C:\Program Files\MagicISO
2008-02-20 13:10 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-19 21:54 --------- d-----w C:\Documents and Settings\Roger\Application Data\HP
2008-02-19 19:49 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-19 19:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-02-19 19:48 --------- d-----w C:\Program Files\Nero
2008-02-19 19:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-19 19:27 --------- d-----w C:\Documents and Settings\Roger\Application Data\Grisoft
2008-02-19 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-19 18:58 --------- d-----w C:\Documents and Settings\Roger\Application Data\Media Player Classic
2008-02-19 18:47 --------- d-----w C:\Program Files\VideoLAN
2008-02-19 16:16 --------- d-----w C:\Program Files\DAP
2008-02-19 16:14 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2008-02-19 00:29 96,256 ----a-w C:\WINDOWS\system32\drivers\mcdbus.sys
2008-02-05 01:23 693,792 ----a-w C:\WINDOWS\system32\OGACheckControl.DLL
2008-01-29 19:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2005-05-12 06:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2004-09-28 02:00 26,240 ----a-w C:\WINDOWS\inf\RAMDSK.SYS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-04 22:15 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-09-02 00:25 83968]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 17:53 131072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 14:22 3739648]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 11:37 79224]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54 65588]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 11:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 11:35]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 05:00]
S3 FXDRV;FXDRV;D:\Fxdrv.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c18c8ef-d8b3-11dc-8c14-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-12 00:39:11 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-04-14 21:07:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 23:46:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-04-16 23:47:35
ComboFix-quarantined-files.txt 2008-04-17 06:47:28
ComboFix2.txt 2008-04-04 01:21:30

Pre-Run: 56,903,270,400 bytes free
Post-Run: 56,999,010,304 bytes free
.
2008-04-09 04:28:49 --- E O F ---
Joram
Joined: Jun 24, 2003
Posts: 240

(Msg. 11) Posted: Fri Apr 18, 2008 9:07 am
Post subject: Hijack Log

Here's my hijack log after all that:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:14:15 AM, on 4/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Roger\Desktop\Fixits\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/c...nt/muwe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 11101 bytes
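As an added example (not code from the thread, from the poster, or from the HijackThis tool itself), here is a small Python triage helper that parses the O2/O4/O9/O23 line formats shown in the log above and flags the entries a helper would normally look at first: targets marked "(file missing)", services whose publisher field reads "Unknown owner", and Run entries that name a bare executable resolved through the PATH rather than an absolute path. The sample lines are constructed from the formats in the log and the flag names and the `Entry` fields are assumptions of this example; a flag is a prompt to verify the item, not a verdict that it is malicious.

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample, using the line formats that appear in the thread's log.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Generic shape of a HijackThis line: "<section> - <kind>: <rest>"
LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
# CLSID / GUID in braces, e.g. {53707962-6F74-2D53-2644-206D7942484F}
GUID_RE = re.compile(r"\s*\{[0-9A-Fa-f-]{36}\}\s*")
# O4 (autorun) entries look like "[value name] command line"
RUN_RE = re.compile(r"^\[(.*?)\]\s*(.*)$")
FILE_MISSING = "(file missing)"


@dataclass
class Entry:
    section: str       # O2, O4, O9, O23, ...
    kind: str          # BHO, HKLM\..\Run, Service, ...
    name: str          # display name / autorun value name, GUID stripped
    publisher: str     # vendor field; only present on O23 service lines
    target: str        # file path, command line or URL
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Split one log line into its fields; returns None for non-matching text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    publisher = ""
    if section == "O4":
        rm = RUN_RE.match(rest)
        name, target = (rm.group(1), rm.group(2)) if rm else (rest, "")
    else:
        # The last " - " separates the target (path/URL) from the descriptive fields.
        head, sep, target = rest.rpartition(" - ")
        if not sep:
            head, target = rest, ""
        if section == "O23":
            # Service lines carry "<name> - <publisher>" before the path.
            name, sep, publisher = head.rpartition(" - ")
            if not sep:
                name, publisher = head, ""
        else:
            name = head
        name = GUID_RE.sub(" ", name).strip(" -")
    return Entry(section, kind, name, publisher, target)


def triage(entry: Entry) -> Entry:
    """Attach review flags; each is a reason to check the item, not proof of anything."""
    if FILE_MISSING in entry.target:
        # A registry entry still points at a binary that no longer exists.
        entry.flags.append("file-missing")
    if entry.section == "O23" and entry.publisher == "Unknown owner":
        # HijackThis could not attribute the service binary to a vendor.
        entry.flags.append("unknown-publisher")
    if entry.section == "O4" and entry.target and "\\" not in entry.target and "%" not in entry.target:
        # No directory at all: the executable is found by PATH search at logon.
        entry.flags.append("bare-filename")
    return entry


def parse_log(text: str) -> List[Entry]:
    return [triage(e) for e in (parse_line(l) for l in text.splitlines()) if e]


def suspicious(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in suspicious(parse_log(SAMPLE_LOG)):
        print(f"{e.section:<4} {', '.join(e.flags):<30} {e.name} -> {e.target}")
```

Run against a saved log instead of `SAMPLE_LOG` by reading the file and passing its text to `parse_log`; the O16 (DPF) and O22 lines parse through the generic branch as well, since they share the same " - " separated layout.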
greyknight17
Joined: Feb 03, 2003
Posts: 4825
Location: Brooklyn, NY

(Msg. 12) Posted: Sat Apr 19, 2008 3:37 pm

For the C:\Windows\wininet.ini file, open it back up and delete all the contents. Copy/Paste the following back into the file and then save it:

Code:
[rename]
NUL=


Do you have problems installing the Windows Recovery Console? Go back to the site where you downloaded Combofix and follow the instructions there to install it. You don't need the XP CD. Just download the tool available at the Microsoft site.

Where's the Panda log?

How is the computer running so far?
Joram
Joined: Jun 24, 2003
Posts: 240

(Msg. 13) Posted: Tue Apr 29, 2008 12:44 pm
Post subject: panda log

I had earlier run it and deleted the few things found by Panda... when I scan now, there is no infection.
Joram
Joined: Jun 24, 2003
Posts: 240

(Msg. 14) Posted: Tue Apr 29, 2008 1:37 pm

I installed the Recovery Console.

Overall my system is running ok, but there seems to be excessive drag on it on occasion. Sometimes everything just hangs for no apparent reason.

And for some reason, I recently had to reinstall Windows (repair install) to regain my USB internet again....

None of my scans show anything happening or any infection aside from normal tracking cookies, which I can and do remove regularly. I am about to just say to hell with it and scrub it all fresh once more.... but I'd rather not if possible.
greyknight17
Joined: Feb 03, 2003
Posts: 4825
Location: Brooklyn, NY

(Msg. 15) Posted: Tue Apr 29, 2008 7:03 pm