Haven't given the log a full look, but these
2006-10-25 15:15 617354 ---hs---- C:\WINDOWS\system32\klnmp.bak2
2006-10-24 10:43 529285 ---hs---- C:\WINDOWS\system32\klnmp.bak1
are painfully obvious VUNDO!
-- Was going to ask you to do a GMER rootkit scan, but they are under a DDoS attack and unavailable right now. So, I think we'll try F-Secure's BlackLight.
But First, please do this:
1- Move combofix.exe to the Desktop (if it is not already there)
2- Then click Start > Run > and copy and paste the following command into the box:
"%userprofile%\desktop\combofix.exe" /v klnmp
Let the tool run as before and post the new log.
I'm cutting out for the night - will try to check back tomorrow. If you are up to doing the Blacklight scan, feel free. Instructions should be well posted at the F-Secure site.
Best luck
PP
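The heuristic PP applies above (hidden and system attributes, numbered .bak files sitting in system32, a random short stem) can be written down as a check over a ComboFix-style listing. The following is an added example, not code from the post, from ComboFix or from any of the tools named; it assumes the line layout shown in the post (date, time, size, a nine-character attribute column where `h` is hidden and `s` is system, then the path), and the sample listing it scans is constructed for the example, with the two lines quoted from the post plus benign entries that the rule must not flag.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# One line of a ComboFix-style listing, as shown in the post:
#   <date> <time> <size> <attributes> <path>
# Assumption: the attribute column is nine characters and uses
# 'h' for hidden and 's' for system (e.g. "---hs----").
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+?)\s*$",
    re.IGNORECASE,
)

# Numbered backup name such as "klnmp.bak1" / "klnmp.bak2".
BAK_RE = re.compile(r"^(?P<stem>[a-z]+)\.bak\d+$", re.IGNORECASE)


@dataclass
class Entry:
    date: str
    time: str
    size: int
    attrs: str
    path: str

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs.lower()

    @property
    def system(self) -> bool:
        return "s" in self.attrs.lower()

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def directory(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower() if "\\" in self.path else ""


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for lines that are not file entries."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return Entry(m["date"], m["time"], int(m["size"]), m["attrs"], m["path"])


def is_vundo_like(e: Entry) -> bool:
    """The rule from the post: hidden+system file in system32 named <stem>.bakN."""
    return (
        e.hidden
        and e.system
        and e.directory.endswith("\\windows\\system32")
        and BAK_RE.match(e.name) is not None
    )


def scan(log_text: str) -> List[str]:
    """Return the paths of all entries matching the rule, in listing order."""
    return [e.path for e in map(parse_line, log_text.splitlines())
            if e is not None and is_vundo_like(e)]


def stems_of(paths: List[str]) -> Set[str]:
    """Stems of the flagged names, i.e. what would be passed to a '/v <stem>' run."""
    stems = set()
    for p in paths:
        m = BAK_RE.match(p.rsplit("\\", 1)[-1])
        if m:
            stems.add(m["stem"].lower())
    return stems


# Constructed sample listing: the two lines quoted in the post plus benign
# entries (a normal DLL, a hidden+system desktop.ini, a .bak1 outside system32).
SAMPLE_LOG = "\n".join([
    r"2006-10-25 15:15 617354 ---hs---- C:\WINDOWS\system32\klnmp.bak2",
    r"2006-10-24 10:43 529285 ---hs---- C:\WINDOWS\system32\klnmp.bak1",
    r"2004-08-04 12:00 8192 --a------ C:\WINDOWS\system32\example.dll",
    r"2006-10-20 09:00 271 ---hs---- C:\WINDOWS\system32\desktop.ini",
    r"2006-10-24 10:43 4096 ---hs---- C:\Documents and Settings\User\notes.bak1",
])

if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for path in hits:
        print("suspect:", path)
    print("stems:", sorted(stems_of(hits)))
```

Only the two klnmp entries survive all three conditions; the desktop.ini line shows why the attribute check alone is not enough, and the notes.bak1 line why the directory check matters.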