WiredWX Christian Hobby Weather Tools
Re: Unknown - can't access certain websites

c:\windows\system32\config\systemprofile\Desktop\Advanced Virus Remover.lnk
c:\windows\system32\config\systemprofile\Start Menu\Advanced Virus Remover.lnk
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\UACjnrntfokmgsrmue.sys
c:\windows\system32\drivers\UACnwtaqurkrjntjlk.sys
c:\windows\system32\Install.txt
c:\windows\system32\Packet.dll
c:\windows\system32\UACbssbpenlvronkfp.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkocdtkvesrxvkwl.dll
c:\windows\system32\UAClerylnqlpladaiw.dll
c:\windows\system32\UAClrmjhnylyxcshoo.log
c:\windows\system32\UACltouilrpeeyhdkx.dat
c:\windows\system32\UACufigvatxqyeprws.dll
c:\windows\system32\UACukugvtxbdtfjlnj.log
c:\windows\system32\UACuriwgrbkjuvbvah.log
c:\windows\system32\UACykryhamxoqooawh.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\winupdate.exe
c:\windows\system32\wpcap.dll
D:\winlogon.exe

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_MSNCACHE
-------\Legacy_NPF
-------\Legacy_SOPIDKC
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-06-09 to 2009-07-09 )))))))))))))))))))))))))))))))
.

2009-07-09 18:20 . 2009-07-09 18:20 -------- d-----w- c:\program files\AdvancedVirusRemover
2009-07-09 16:48 . 2009-07-09 16:48 20480 ----a-w- c:\windows\system32\winhelper.dll
2009-07-09 13:58 . 2009-07-09 13:58 -------- d-----w- c:\program files\Trend Micro
2009-07-04 16:51 . 2009-07-04 16:51 -------- d-----w- C:\videooutput
2009-07-04 16:51 . 2008-12-04 20:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-07-04 16:51 . 2009-06-04 12:17 8676883 ----a-w- c:\windows\system32\NCMedia2.dll
2009-07-03 21:20 . 2009-07-03 21:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2009-07-03 10:42 . 2009-07-03 10:42 -------- d-----w- c:\documents and settings\Steven\Application Data\Malwarebytes
2009-07-02 22:12 . 2009-07-09 18:19 -------- d-sh--w- c:\windows\system32\pord32
2009-07-02 22:03 . 2009-07-09 14:47 -------- d-----w- c:\program files\drv
2009-06-30 23:31 . 2009-06-30 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-06-30 23:31 . 2009-06-30 23:31 -------- d-----w- c:\documents and settings\Steven\Application Data\AVS4YOU
2009-06-30 23:31 . 2009-06-30 23:31 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-06-30 23:31 . 2009-06-30 23:31 -------- d-----w- c:\program files\AVS4YOU
2009-06-30 23:31 . 2006-03-03 09:02 658432 ----a-w- c:\windows\system32\cc3270mt.dll
2009-06-30 23:31 . 2003-05-21 12:50 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-06-30 23:31 . 2002-01-05 14:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-06-30 23:15 . 2009-06-30 23:15 -------- d-----w- c:\program files\Panopreter
2009-06-30 15:27 . 2009-06-30 15:27 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-06-30 15:27 . 2009-06-30 15:27 -------- d-----w- c:\program files\DVDVideoSoft
2009-06-26 11:50 . 2009-06-26 12:32 -------- d-----w- c:\documents and settings\Steven\Application Data\Download Manager
2009-06-25 19:23 . 2009-07-09 18:21 -------- d-sh--w- c:\windows\system32\xors32
2009-06-19 19:35 . 2009-06-19 19:35 -------- d-----w- c:\program files\Beyluxe Messenger

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-09 18:23 . 2009-03-27 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-07-09 14:55 . 2008-07-01 14:53 34 ----a-w- c:\documents and settings\Steven\jagex_runescape_preferences.dat
2009-07-09 14:33 . 2009-05-18 17:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-09 03:11 . 2009-02-08 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-07 22:30 . 2007-03-17 14:51 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-04 16:51 . 2008-05-18 19:04 -------- d-----w- c:\program files\Smallvideosoft
2009-07-03 21:23 . 2007-03-17 15:37 -------- d-----w- c:\program files\Google
2009-07-02 21:52 . 2009-07-02 21:52 63488 ----a-w- c:\windows\system32\calc.tmp
2009-07-01 19:13 . 2007-03-31 09:57 -------- d-----w- c:\program files\Steam
2009-06-26 13:00 . 2007-03-17 14:51 46072 ----a-w- c:\documents and settings\Steven\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-26 12:55 . 2006-08-11 21:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-17 10:27 . 2009-05-18 17:17 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 10:27 . 2009-05-18 17:17 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 14:54 . 2009-05-06 15:35 -------- d-----w- c:\program files\SwiftKit
2009-06-12 18:15 . 2009-04-27 16:57 50176 ----a-w- c:\windows\system32\lspktg.dll
2009-06-07 12:31 . 2009-06-02 14:27 -------- d-----w- c:\documents and settings\Steven\Application Data\Apple Computer
2009-06-02 14:27 . 2009-06-02 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-02 14:26 . 2009-06-02 14:26 -------- d-----w- c:\program files\iPod
2009-06-02 14:26 . 2009-06-02 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-02 14:26 . 2008-10-02 17:29 -------- d-----w- c:\program files\Bonjour
2009-06-02 14:25 . 2009-06-02 14:25 -------- d-----w- c:\program files\QuickTime
2009-06-02 14:25 . 2009-06-02 14:25 -------- d-----w- c:\program files\Apple Software Update
2009-06-02 14:24 . 2009-06-02 14:24 -------- d-----w- c:\program files\Common Files\Apple
2009-06-02 14:24 . 2009-06-02 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-01 19:27 . 2009-03-22 13:22 -------- d-----w- c:\documents and settings\Steven\Application Data\Spotify
2009-05-30 11:50 . 2009-05-30 11:50 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-29 10:29 . 2009-05-29 10:29 -------- d-----w- c:\program files\Common Files\reFX
2009-05-29 10:29 . 2009-05-29 10:29 -------- d-----w- c:\program files\Common Files\Digidesign
2009-05-27 12:31 . 2007-03-18 12:39 -------- d-----w- c:\program files\VstPlugins
2009-05-27 12:30 . 2007-03-18 12:38 -------- d-----w- c:\program files\Image-Line
2009-05-18 17:17 . 2009-05-18 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-07 15:44 . 2004-08-10 20:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 17:15 . 2009-04-29 17:15 1024 ----a-w- c:\windows\system32\PDF2IMG.dat
2009-04-29 04:31 . 2006-03-04 03:58 668160 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:31 . 2004-08-10 20:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-28 20:07 . 2009-04-28 20:07 15240 ----a-w- c:\documents and settings\Steven\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
2009-04-28 19:46 . 2009-04-28 19:46 105984 ----a-w- c:\windows\system32\msoer2.dll
2009-04-28 16:16 . 2008-10-27 12:10 36104 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2009-04-28 16:16 . 2007-05-20 17:04 131072 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-04-17 09:58 . 2005-10-06 00:06 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-08-10 20:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2008-03-09 16:14 . 2008-02-08 18:07 5186 ----a-w- c:\program files\unins000.dat
2008-03-09 16:14 . 2008-02-08 18:07 678682 ----a-w- c:\program files\unins000.exe
2008-04-06 23:59 . 2008-04-06 23:59 0 --sh--w- c:\windows\S5A948CD5.tmp
2008-01-31 12:55 . 2007-08-28 20:29 104 --sh--r- c:\windows\system32\DE2CB83AE4.sys
2008-01-31 12:55 . 2007-08-27 07:39 11690 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-17 68856]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-09-28 3497208]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2005-07-14 7057408]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"HiChatter"="d:\program files\Beyluxe Messenger\beyluxe messenger.exe" [2009-06-01 3299840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 45056]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"SunJavaUpdateSched"="d:\runescape\java\bin\jusched.exe" [2009-04-09 148888]
"SpeedTouch USB Diagnostics"="c:\program files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2001-10-03 4247552]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 52840]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-19 49152]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"BigDogPath"="c:\windows\VM_STI.EXE" [2005-02-28 53248]
"Aquairum"="c:\program files\USB Aquarium\Aquarium.exe" [2007-05-18 143360]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"4oD"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-01 16208384]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"Advanced Virus Remover"="c:\program files\AdvancedVirusRemover\PAVRM.exe" [2009-07-09 1280000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2007-3-17 45056]
Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-17 745472]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\win32z.exe,c:\windows\system32\win32room.exe,"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^uPlayMe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\uPlayMe.lnk
backup=c:\windows\pss\uPlayMe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"d:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"43594:TCP"= 43594:TCP:43594
"9242:TCP"= 9242:TCP:BitComet 9242 TCP
"9242:UDP"= 9242:UDP:BitComet 9242 UDP
"8085:TCP"= 8085:TCP:drv

R1 vcdrom;Virtual CD-ROM Device Driver;C:\VCdRom.sys [19/12/2001 11:45 8576]
R2 MrHealthyService;MrHealthy;c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -service --> c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -service [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [08/07/2009 20:27 101936]
S2 gupdate1c98a3d9e74b4a8;Google Update Service (gupdate1c98a3d9e74b4a8);c:\program files\Google\Update\GoogleUpdate.exe [08/02/2009 23:35 133104]
S2 gvvzloh;gvvzloh;c:\windows\system32\drivers\nheer.sys --> c:\windows\system32\drivers\nheer.sys [?]
S3 HDJCtrl;Hercules DJ Control MP3 Service;c:\windows\system32\drivers\hdjctrl.sys [20/10/2007 15:57 11008]
S3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\drivers\HDJMidi.sys [20/10/2007 15:57 39296]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [18/10/2008 11:52 18432]
.
Contents of the 'Scheduled Tasks' folder

2009-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-07-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-24 10:36]

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 22:35]

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 22:35]

2009-07-03 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Steven.job
- c:\progra~1\NORTON~1\Navw32.exe [2005-10-21 12:13]

2009-07-08 c:\windows\Tasks\Norton PC Checkup Weekday Scanner.job
- c:\program files\Norton PC Checkup\PC_Checkup.exe [2009-01-29 22:10]

2009-07-05 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job
- c:\program files\Norton PC Checkup\PC_Checkup.exe [2009-01-29 22:10]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &SHOUTcast Search - c:\documents and settings\All Users\Application Data\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\winhelper.dll
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://woofdah.viewnetcam.com:81/cgi-bin/SysCamInst.cab
DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://woofdah.viewnetcam.com/kxhcm10.ocx
DPF: {32C11E38-E587-4BE9-9ABB-D69158C21CE5} - hxxp://217.96.55.11/activex/decoder/mpeg4_dec.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://80.34.87.7/activex/AMC.cab
DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} - hxxp://80.237.209.20/objects/NpFv41629.dll
DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} - hxxp://64.39.221.140/user/TSBnwCam.CAB
FF - ProfilePath - c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\drdi6wte.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query=
FF - component: c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\drdi6wte.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\runescape\java\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\runescape\java\bin\new_plugin\npjp2.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-09 19:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Aquairum = c:\program files\USB Aquarium\Aquarium.exe?s?????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1996885673-139178621-49509670-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3280)
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\MFC71U.DLL
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
d:\runescape\bin\TortoiseStub.dll
d:\runescape\bin\TortoiseSVN.dll
d:\runescape\bin\intl3_tsvn.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\qoobox\Quarantine\C\WINDOWS\system32\winupdate.exe.virp
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
d:\runescape\java\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Norton AntiVirus\IWP\NPFMNTOR.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
d:\runescape\bin\TSVNCache.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
c:\program files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2009-07-09 19:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-09 18:28

Pre-Run: 1,025,847,296 bytes free
Post-Run: 2,743,336,960 bytes free

1331 --- E O F --- 2009-06-11 02:01

Re: Unknown - can't access certain websites

Hello.

More malware came back.

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\system32\winhelper.dll

Registry::
[-HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\StubInstaller.exe"=-
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"43594:TCP"=-
"9242:TCP"=-
"9242:UDP"=-
"8085:TCP"=-

Driver::
gvvzloh

DDS::
LSP: c:\windows\system32\winhelper.dll


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[image]

This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
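
The checks behind the CFScript above, as an added example that is not part of the original post and not ComboFix's own logic: a Python triage of the log sections that script targets (Winlogon `Userinit`, the firewall switch, authorized applications, open ports). The function names, the heuristics and the shortened sample, which combines lines from both logs in this thread, are assumptions made for this illustration.

```python
import re

# Constructed excerpt: lines copied from the two ComboFix logs in this thread,
# with most entries dropped so the sample stays short.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\win32room.exe,c:\windows\system32\win32z.exe,"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9242:TCP"= 9242:TCP:BitComet 9242 TCP
"8085:TCP"= 8085:TCP:drv
'''

# The value the CFScript in the post resets Userinit to (minus the trailing comma).
EXPECTED_USERINIT = r'c:\windows\system32\userinit.exe'

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')
# Assumed heuristic: an executable sitting directly in a drive root.
ROOT_EXE_RE = re.compile(r'^[a-z]:\\[^\\]+\.exe$', re.IGNORECASE)


def parse_sections(log_text):
    """Map each lower-cased [key] header to its list of (name, data) pairs."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header.group('key').lower(), [])
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            current.append((value.group('name'), value.group('data').strip()))
    return sections


def triage(log_text):
    """Return (category, detail) findings for the sections the fix script edits."""
    findings = []
    for key, values in parse_sections(log_text).items():
        for name, data in values:
            lname = name.lower()
            if key.endswith(r'\currentversion\winlogon') and lname == 'userinit':
                # Anything chained after userinit.exe also starts at every logon.
                for entry in data.strip('"').split(','):
                    entry = entry.strip()
                    if entry and entry.lower() != EXPECTED_USERINIT:
                        findings.append(('userinit', entry))
            elif key.endswith(r'\firewallpolicy\standardprofile') and lname == 'enablefirewall':
                if data.split()[:1] == ['0']:
                    findings.append(('firewall', 'disabled'))
            elif key.endswith(r'\authorizedapplications\list'):
                # The log doubles backslashes in these value names.
                path = name.replace('\\\\', '\\')
                if ROOT_EXE_RE.match(path):
                    findings.append(('fw-app', path))
            elif key.endswith(r'\globallyopenports\list'):
                # Every listed port is reported for review, with its label.
                port, proto, label = (data.split(':', 2) + ['', ''])[:3]
                findings.append(('fw-port', f'{port}/{proto} ({label})'))
    return findings


if __name__ == '__main__':
    for category, detail in triage(SAMPLE_LOG):
        print(f'{category:9} {detail}')
```

A hit under `userinit` after a fix script has already run, as in the second log of this thread, means something rewrote the value again and is still active on the machine.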

Re: Unknown - can't access certain websites

OK, I have the log but when I opened Firefox to post the log here, my Internet isn't working anymore. By the way, I'm on my laptop right now and the computer is the one infected. The page is just blank on Firefox and on Internet Explorer it says Page cannot be displayed. I can access the Internet on my laptop so I'm just confused. No idea what's going on here.

Re: Unknown - can't access certain websites

The malware's fault.

Run the LSPFix again, check to see if that winhelper is back in the left side or right side.

If left, move it to the right and hit finish.
If it's already on the right side, just hit finish and reboot.

After reboot, your net should be working again.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Unknown - can't access certain websites

OK, back on my computer and the Internet is working. However, after I rebooted my desktop has turned blue and black with red text saying that my system is infected. There's a small red circle with a white cross in it at the bottom right of my screen. A notice box keeps popping up saying that my system is infected.

Re: Unknown - can't access certain websites

Anyways, here's that ComboFix Log you wanted:

ComboFix 09-07-09.02 - Steven 09/07/2009 20:09.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.397 [GMT 1:00]
Running from: c:\documents and settings\Steven\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Steven\Desktop\CFScript.txt
AV: Norton AntiVirus 2006 *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Created a new restore point

FILE ::
"c:\windows\system32\winhelper.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AdvancedVirusRemover
c:\program files\AdvancedVirusRemover\PAVRM.exe
c:\windows\system32\winhelper.dll

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gvvzloh


((((((((((((((((((((((((( Files Created from 2009-06-09 to 2009-07-09 )))))))))))))))))))))))))))))))
.

2009-07-09 19:25 . 2009-07-09 19:25 -------- d-----w- c:\program files\AdvancedVirusRemover
2009-07-09 19:23 . 2009-07-09 19:23 41984 ----a-w- c:\windows\system32\winupdate.exe
2009-07-09 13:58 . 2009-07-09 13:58 -------- d-----w- c:\program files\Trend Micro
2009-07-04 16:51 . 2009-07-04 16:51 -------- d-----w- C:\videooutput
2009-07-04 16:51 . 2008-12-04 20:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-07-04 16:51 . 2009-06-04 12:17 8676883 ----a-w- c:\windows\system32\NCMedia2.dll
2009-07-03 21:20 . 2009-07-03 21:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2009-07-03 10:42 . 2009-07-03 10:42 -------- d-----w- c:\documents and settings\Steven\Application Data\Malwarebytes
2009-07-02 22:12 . 2009-07-09 19:25 -------- d-sh--w- c:\windows\system32\pord32
2009-07-02 22:03 . 2009-07-09 14:47 -------- d-----w- c:\program files\drv
2009-06-30 23:31 . 2009-06-30 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-06-30 23:31 . 2009-06-30 23:31 -------- d-----w- c:\documents and settings\Steven\Application Data\AVS4YOU
2009-06-30 23:31 . 2009-06-30 23:31 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-06-30 23:31 . 2009-06-30 23:31 -------- d-----w- c:\program files\AVS4YOU
2009-06-30 23:31 . 2006-03-03 09:02 658432 ----a-w- c:\windows\system32\cc3270mt.dll
2009-06-30 23:31 . 2003-05-21 12:50 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-06-30 23:31 . 2002-01-05 14:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-06-30 23:15 . 2009-06-30 23:15 -------- d-----w- c:\program files\Panopreter
2009-06-30 15:27 . 2009-06-30 15:27 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-06-30 15:27 . 2009-06-30 15:27 -------- d-----w- c:\program files\DVDVideoSoft
2009-06-26 11:50 . 2009-06-26 12:32 -------- d-----w- c:\documents and settings\Steven\Application Data\Download Manager
2009-06-25 19:23 . 2009-07-09 19:23 -------- d-sh--w- c:\windows\system32\xors32
2009-06-19 19:35 . 2009-06-19 19:35 -------- d-----w- c:\program files\Beyluxe Messenger

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-09 19:26 . 2009-03-27 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-07-09 19:21 . 2009-07-09 19:21 0 ----a-w- c:\documents and settings\Steven\ntuser.tmp
2009-07-09 18:46 . 2008-07-01 14:53 34 ----a-w- c:\documents and settings\Steven\jagex_runescape_preferences.dat
2009-07-09 14:33 . 2009-05-18 17:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-09 03:11 . 2009-02-08 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-07 22:30 . 2007-03-17 14:51 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-04 16:51 . 2008-05-18 19:04 -------- d-----w- c:\program files\Smallvideosoft
2009-07-03 21:23 . 2007-03-17 15:37 -------- d-----w- c:\program files\Google
2009-07-02 21:52 . 2009-07-02 21:52 63488 ----a-w- c:\windows\system32\calc.tmp
2009-07-01 19:13 . 2007-03-31 09:57 -------- d-----w- c:\program files\Steam
2009-06-26 13:00 . 2007-03-17 14:51 46072 ----a-w- c:\documents and settings\Steven\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-26 12:55 . 2006-08-11 21:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-17 10:27 . 2009-05-18 17:17 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 10:27 . 2009-05-18 17:17 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 14:54 . 2009-05-06 15:35 -------- d-----w- c:\program files\SwiftKit
2009-06-12 18:15 . 2009-04-27 16:57 50176 ----a-w- c:\windows\system32\lspktg.dll
2009-06-07 12:31 . 2009-06-02 14:27 -------- d-----w- c:\documents and settings\Steven\Application Data\Apple Computer
2009-06-02 14:27 . 2009-06-02 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-02 14:26 . 2009-06-02 14:26 -------- d-----w- c:\program files\iPod
2009-06-02 14:26 . 2009-06-02 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-02 14:26 . 2008-10-02 17:29 -------- d-----w- c:\program files\Bonjour
2009-06-02 14:25 . 2009-06-02 14:25 -------- d-----w- c:\program files\QuickTime
2009-06-02 14:25 . 2009-06-02 14:25 -------- d-----w- c:\program files\Apple Software Update
2009-06-02 14:24 . 2009-06-02 14:24 -------- d-----w- c:\program files\Common Files\Apple
2009-06-02 14:24 . 2009-06-02 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-01 19:27 . 2009-03-22 13:22 -------- d-----w- c:\documents and settings\Steven\Application Data\Spotify
2009-05-30 11:50 . 2009-05-30 11:50 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-29 10:29 . 2009-05-29 10:29 -------- d-----w- c:\program files\Common Files\reFX
2009-05-29 10:29 . 2009-05-29 10:29 -------- d-----w- c:\program files\Common Files\Digidesign
2009-05-27 12:31 . 2007-03-18 12:39 -------- d-----w- c:\program files\VstPlugins
2009-05-27 12:30 . 2007-03-18 12:38 -------- d-----w- c:\program files\Image-Line
2009-05-18 17:17 . 2009-05-18 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-07 15:44 . 2004-08-10 20:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 17:15 . 2009-04-29 17:15 1024 ----a-w- c:\windows\system32\PDF2IMG.dat
2009-04-29 04:31 . 2006-03-04 03:58 668160 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:31 . 2004-08-10 20:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-28 20:07 . 2009-04-28 20:07 15240 ----a-w- c:\documents and settings\Steven\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
2009-04-28 19:46 . 2009-04-28 19:46 105984 ----a-w- c:\windows\system32\msoer2.dll
2009-04-28 16:16 . 2008-10-27 12:10 36104 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2009-04-28 16:16 . 2007-05-20 17:04 131072 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-04-17 09:58 . 2005-10-06 00:06 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-08-10 20:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2008-03-09 16:14 . 2008-02-08 18:07 5186 ----a-w- c:\program files\unins000.dat
2008-03-09 16:14 . 2008-02-08 18:07 678682 ----a-w- c:\program files\unins000.exe
2008-04-06 23:59 . 2008-04-06 23:59 0 --sh--w- c:\windows\S5A948CD5.tmp
2008-01-31 12:55 . 2007-08-28 20:29 104 --sh--r- c:\windows\system32\DE2CB83AE4.sys
2008-01-31 12:55 . 2007-08-27 07:39 11690 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-07-09_18.22.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-09 18:27 . 2009-07-09 19:24 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-09 19:25 . 2009-07-09 19:25 16384 c:\windows\temp\Perflib_Perfdata_8bc.dat
+ 2009-07-09 19:24 . 2009-07-09 19:24 16384 c:\windows\temp\Perflib_Perfdata_6bc.dat
+ 2009-07-09 19:24 . 2009-07-09 19:24 16384 c:\windows\temp\Perflib_Perfdata_640.dat
+ 2009-07-09 18:27 . 2009-07-09 19:24 16384 c:\windows\temp\History\History.IE5\index.dat
+ 2009-07-09 18:27 . 2009-07-09 19:24 16384 c:\windows\temp\Cookies\index.dat
+ 2009-07-09 19:23 . 2009-07-09 19:23 20480 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\TXLCR0R6\firewall[1].dll
+ 2007-03-17 21:36 . 2009-07-09 19:25 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-03-17 21:36 . 2009-07-09 18:21 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-03-17 21:36 . 2009-07-09 19:25 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-03-17 21:36 . 2009-07-09 18:21 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-03-17 21:36 . 2009-07-09 19:25 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-03-17 21:36 . 2009-07-09 18:21 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-05-19 15:34 . 2009-07-09 14:54 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2009-05-19 15:34 . 2009-07-09 18:46 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
- 2009-05-19 15:34 . 2009-07-09 14:54 81920 c:\windows\.jagex_cache_32\runescape\jaggl.dll
+ 2009-05-19 15:34 . 2009-07-09 18:46 81920 c:\windows\.jagex_cache_32\runescape\jaggl.dll
+ 2009-07-09 19:23 . 2009-07-09 19:23 1280000 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MTT66S1D\SetupAdvancedVirusRemover[1].exe

Re: Unknown - can't access certain websites

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-17 68856]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-09-28 3497208]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2005-07-14 7057408]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"HiChatter"="d:\program files\Beyluxe Messenger\beyluxe messenger.exe" [2009-06-01 3299840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 45056]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"SunJavaUpdateSched"="d:\runescape\java\bin\jusched.exe" [2009-04-09 148888]
"SpeedTouch USB Diagnostics"="c:\program files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2001-10-03 4247552]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 52840]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-19 49152]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"BigDogPath"="c:\windows\VM_STI.EXE" [2005-02-28 53248]
"Aquairum"="c:\program files\USB Aquarium\Aquarium.exe" [2007-05-18 143360]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"4oD"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-01 16208384]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"Advanced Virus Remover"="c:\program files\AdvancedVirusRemover\PAVRM.exe" [2009-07-09 1280000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2007-3-17 45056]
Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-17 745472]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\win32room.exe,c:\windows\system32\win32z.exe,"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^uPlayMe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\uPlayMe.lnk
backup=c:\windows\pss\uPlayMe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"d:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=

R1 vcdrom;Virtual CD-ROM Device Driver;C:\VCdRom.sys [19/12/2001 11:45 8576]
R2 MrHealthyService;MrHealthy;c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -service --> c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -service [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [08/07/2009 20:27 101936]
S2 gupdate1c98a3d9e74b4a8;Google Update Service (gupdate1c98a3d9e74b4a8);c:\program files\Google\Update\GoogleUpdate.exe [08/02/2009 23:35 133104]
S3 HDJCtrl;Hercules DJ Control MP3 Service;c:\windows\system32\drivers\hdjctrl.sys [20/10/2007 15:57 11008]
S3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\drivers\HDJMidi.sys [20/10/2007 15:57 39296]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [18/10/2008 11:52 18432]
.
Contents of the 'Scheduled Tasks' folder

2009-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-07-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-24 10:36]

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 22:35]

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 22:35]

2009-07-03 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Steven.job
- c:\progra~1\NORTON~1\Navw32.exe [2005-10-21 12:13]

2009-07-08 c:\windows\Tasks\Norton PC Checkup Weekday Scanner.job
- c:\program files\Norton PC Checkup\PC_Checkup.exe [2009-01-29 22:10]

2009-07-05 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job
- c:\program files\Norton PC Checkup\PC_Checkup.exe [2009-01-29 22:10]
.
.

Re: Unknown - can't access certain websites

------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &SHOUTcast Search - c:\documents and settings\All Users\Application Data\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\winhelper.dll
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://woofdah.viewnetcam.com:81/cgi-bin/SysCamInst.cab
DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://woofdah.viewnetcam.com/kxhcm10.ocx
DPF: {32C11E38-E587-4BE9-9ABB-D69158C21CE5} - hxxp://217.96.55.11/activex/decoder/mpeg4_dec.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://80.34.87.7/activex/AMC.cab
DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} - hxxp://80.237.209.20/objects/NpFv41629.dll
DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} - hxxp://64.39.221.140/user/TSBnwCam.CAB
FF - ProfilePath - c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\drdi6wte.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query=
FF - component: c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\drdi6wte.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\runescape\java\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\runescape\java\bin\new_plugin\npjp2.dll
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Aquairum = c:\program files\USB Aquarium\Aquarium.exe?s?????

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1996885673-139178621-49509670-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2808)
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\MFC71U.DLL
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
d:\runescape\bin\TortoiseStub.dll
d:\runescape\bin\TortoiseSVN.dll
d:\runescape\bin\intl3_tsvn.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\windows\system32\winupdate.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
d:\runescape\java\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Norton AntiVirus\IWP\NPFMNTOR.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
d:\runescape\bin\TSVNCache.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
c:\program files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2009-07-09 20:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-09 19:30
ComboFix2.txt 2009-07-09 18:28

Pre-Run: 2,704,015,360 bytes free
Post-Run: 2,666,856,448 bytes free

354 --- E O F --- 2009-06-11 02:01

Re: Unknown - can't access certain websites
Hello.
This malware doesn't want to die; something is regenerating it and downloading more rubbish.

Let's cut the internet connection. You're going to need to use a USB stick and another machine to post the logs from, because we have to stop this. Take the Ethernet wire out of the back, or if it's wireless, disable the wireless temporarily.

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\system32\winupdate.exe
c:\windows\system32\lspktg.dll
c:\windows\system32\win32room.exe
c:\windows\system32\win32z.exe

Folder::
c:\program files\AdvancedVirusRemover
c:\program files\drv

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced Virus Remover"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,"

DDS::
LSP: c:\windows\system32\winhelper.dll
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://woofdah.viewnetcam.com:81/cgi-bin/SysCamInst.cab


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into ComboFix as seen below:
[Image]

This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
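
For checking the follow-up log against the script above, an added example (not part of the original post and not ComboFix's own code): it splits a CFScript into its sections and reports which `File::` and `DDS::` entries still show up in a later log. Treating any line ending in `::` as a section header is an assumption based on the script shown in the post; the sample text is excerpted from this thread.

```python
import re

# Excerpt of the CFScript from the post above.
CFSCRIPT = r"""File::
c:\windows\system32\winupdate.exe
c:\windows\system32\lspktg.dll

Folder::
c:\program files\AdvancedVirusRemover

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced Virus Remover"=-

DDS::
LSP: c:\windows\system32\winhelper.dll
"""

# A few lines excerpted from the log earlier in this thread.
LOG = r"""LSP: c:\windows\system32\winhelper.dll
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\windows\system32\winupdate.exe
c:\windows\system32\nvsvc32.exe
"""

def parse_cfscript(text):
    """Split a CFScript into {section: [entries]} (assumed header form: 'Name::')."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"([A-Za-z]+)::", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections

def still_present(sections, log_text):
    """Return (section, entry) pairs from File::/DDS:: found in the log.
    Matching is case-insensitive because Windows paths are."""
    log_lines = [l.strip().lower() for l in log_text.splitlines()]
    return [(name, entry)
            for name in ("File", "DDS")
            for entry in sections.get(name, [])
            if any(entry.lower() in l for l in log_lines)]
```

An empty result from `still_present` on the next log means none of the targeted files or DDS lines were listed again; it says nothing about items the script did not target.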