PLEASE HELP

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:03:41 AM, on 7/13/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\CFusion\cfam\program\ccmgr.exe
C:\WINDOWS\V2lsZnJlZG8gUml2ZXJh\command.exe
C:\CFusion\cfam\Program\dfp.exe
C:\CFusion\cfam\Program\wsprobe.exe
C:\CFusion\Bin\cfexec.exe
C:\CFusion\Bin\cfrdsservice.exe
C:\CFusion\jrun\bin\jrun.exe
C:\Program Files (x86)\Network Monitor\netmon.exe
C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\CFusion\jre\bin\ntConsoleJava.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files (x86)\Microsoft ActiveSync\wcescomm.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
C:\PROGRA~2\MICROS~4\rapimgr.exe
C:\WINDOWS\SysWOW64\tcntptdm.exe
C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom\apdproxy.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\USISrv.exe
c:\windows\system32\rswnw64p.exe
C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files (x86)\Java\jre1.6.0_06\bin\jusched.exe
C:\Documents and Settings\Administrator\winlogon.exe
C:\CFusion\cfam\Program\wsm.exe
C:\Program Files (x86)\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files (x86)\Performanceoptimizer (Free)\PerfOpt.exe
C:\Program Files (x86)\Performanceoptimizer (Free)\updater.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AntiMalwareGuar d_Free.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit,C:\WINDOWS\system32\iftuyszv.exe ,
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] "C:\Program Files (x86)\Common Files\Ulead Systems\DVD\USISrv.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\SysWow64\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Administrator\winlogon.exe
O4 - HKLM\..\Run: [{CA-AA-A5-53-DW}] c:\windows\SysWow64\rswnw64p.exe DWram02FF
O4 - HKLM\..\Run: [{9bbf2d84-745a-7aba-9db9-385430493b30}] C:\WINDOWS\SysWow64\Rundll32.exe "C:\WINDOWS\SysWow64\{dc9025a6-249c-f6d7-7c74-dac68bdce1c0}.dll" DllInit
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\SysWOW64\tcntptdm.exe DWram02FF
O4 - HKLM\..\Run: [Spy Watcher] "C:\PROGRA~2\SPYCLE~1\SpyWatcher.exe" -S
O4 - HKLM\..\Run: [AntiMalwareGuard] "C:\Program Files (x86)\AntiMalwareGuard\amg.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files (x86)\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\SysWOW64\tcntptdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rswnw64p.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~2\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~2\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~2\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: MSN.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1170867610796
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JS...ws-i586-jc.cab
O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)
O20 - Winlogon Notify: efcAQHbb - C:\WINDOWS\SYSTEM32\efcAQHbb.dll
O20 - Winlogon Notify: pmnkKaYR - C:\WINDOWS\SYSTEM32\pmnkKaYR.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: ColdFusion Monitoring Service (ClusterCATS Service) - Unknown owner - C:\CFusion\cfam\program\ccmgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\V2lsZnJlZG8gUml2ZXJh\command.exe
O23 - Service: ColdFusion Executive (Cold Fusion Executive) - Macromedia Inc. - C:\CFusion\Bin\cfexec.exe
O23 - Service: ColdFusion RDS (Cold Fusion RDS) - Macromedia Inc. - C:\CFusion\Bin\cfrdsservice.exe
O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - C:\CFusion\jrun\bin\jrun.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files (x86)\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files (x86)\Network Monitor\netmon.exe
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: Windows Search (WSearch) - Unknown owner - C:\WINDOWS\system32\SearchIndexer.exe (file missing)

--
End of file - 10729 bytes

Ok.Lets see if this runs....

Ok.Lets download ComboFix.exe. This will give me a better view to the files running and also hidden on your computer and also those in the registry..Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use SP2

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.