
Subject: svcipa.exe problem

Original Message
Name: waseem
Date: September 3, 2007 at 11:34:14 Pacific
Subject: svcipa.exe problem
OS: XP pro
CPU/Ram: 2.8Mhz/1G
Comment:
Hello guys, please help me out as I'm not good at removing viruses. My PC is infected with spcipa.exe and I don't know how to remove it. It was detected by AVG AV 7.5 but it did not remove it. Prevx 2 did find 3 files and one of them was Trojan.Lozyt and removed it. But I'm still having problems. AVG is detecting system files as virus/spyware too. Uninstalled and re-installed AVG but still the same problem. I'll post the HijackThis file on request; please let me know what's the problem and how to resolve it. Many thanks



Response Number 1
Name: jabuck
Date: September 3, 2007 at 11:44:08 Pacific
Subject: svcipa.exe problem
Reply:
Please download and install the latest version of HijackThis v2.0.2:

Download the HijackThis Installer from this link: HijackThis

1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.



Response Number 2
Name: waseem
Date: September 3, 2007 at 12:09:25 Pacific
Subject: svcipa.exe problem
Reply:
Thanks Jabuck for replying, here is a copy of the HijackThis log as per your instructions. There is another problem associated with my previous message. AVG is detecting Avast files as virus/malware, and secondly my PC does not boot into SAFE MODE no matter how many times I try to go into safe mode. Please help me out.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01:30, on 03/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Prevx2\PXAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Prevx2\PXConsole.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie...yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie...yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie...yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin Net Broadband
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [System Updater] C:\WINDOWS\system32\Sysupd\sysupd.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\winbait.exe
O4 - HKLM\..\Run: [@RegRunOnSecure] C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Adobe Reader Synchronizer.lnk.disabled
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) -
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} -
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by128fd.bay128.hotmail.msn.c...
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim...
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gm...ab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...lient/muweb_site.cab?1182621406843
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PREVXAgent - Prevx - C:\Program Files\Prevx2\PXAgent.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SNDSrvc - Unknown owner - (no file)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

--
End of file - 9495 bytes




Response Number 3
Name: jabuck
Date: September 3, 2007 at 12:53:12 Pacific
Subject: svcipa.exe problem
Reply:
Go to Start > Run > type notepad > click OK > click Format > uncheck "Word Wrap" > then exit Notepad.

Temporarily disable any of the following anti-spyware realtime protection programs that you may have: Disable Realtime Protection

Run Hijack This from safe mode, close all windows except Hijack This, place a check to the left of the following items and press "fix checked":

O4 - HKLM\..\Run: [System Updater] C:\WINDOWS\system32\Sysupd\sysupd.exe

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -

O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) -

O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} -

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} -

Exit Hijack This

Navigate to and delete this file if found:

C:\WINDOWS\system32\Sysupd\sysupd.exe

Then navigate to and delete this folder if found:

C:\WINDOWS\system32\Sysupd\

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces and a new Hijack This log.

Use only the F8 method to boot into safe mode, any other method may put you in a boot loop and you may have to format.


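The triage jabuck does by eye above (pick out the suspicious Run-key entry, the O16 DPF entries with no codebase, the service with no file, then ask for a fresh log to confirm they are gone) can be scripted for a defender who reviews many of these logs. The following Python is an added example, not code from this thread or from HijackThis itself: it parses the O4, O16 and O23 lines of a HijackThis v2 log, lists entries matching three simple review rules, and diffs a before/after pair of logs to confirm the fixed items are gone and to show which findings remain. The sample lines are copied from the two logs posted in this thread; the rules and the small allowlist of stock Windows autoruns are assumptions made for the demonstration and yield candidates for a human to look at, not malware verdicts.

```python
"""Parse HijackThis v2 log lines, list the entries a helper would want to look at,
and diff a before/after pair of logs to confirm the fixed items are gone."""
import re
from dataclasses import dataclass

# Constructed sample input: a few lines copied from the two HijackThis logs posted
# in this thread (first log = before the fix, second = after). Not a complete log.
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [System Updater] C:\WINDOWS\system32\Sysupd\sysupd.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} -
O23 - Service: SNDSrvc - Unknown owner - (no file)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
"""
AFTER_LOG = r"""
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: SNDSrvc - Unknown owner - (no file)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>[^)]*)\))? -\s*(?P<codebase>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.*)$")

# Autoruns Windows XP registers itself under the HKUS hives; anything else that
# starts from inside C:\WINDOWS gets a second look. Assumption: this short
# allowlist is enough for the demonstration; a real one would be longer.
STOCK_WINDOWS_AUTORUNS = {"ctfmon.exe", "narrator.exe"}
WINDOWS_DIR = "c:\\windows\\"


@dataclass
class Entry:
    section: str  # "O4", "O16" or "O23"
    name: str
    target: str   # autorun executable, DPF codebase, or service binary ("" if none)
    raw: str


def _exe_path(cmd: str) -> str:
    """Reduce a Run-key command line to its executable: drop the (User '...') suffix
    HijackThis appends to HKUS entries, a leading quote, and any trailing switches."""
    cmd = re.sub(r"\s*\(User '[^']*'\)$", "", cmd).strip().lstrip('"')
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def parse_hjt(text: str) -> list:
    """Return Entry objects for the O4, O16 and O23 lines; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.rstrip()
        if (m := O4_RE.match(line)):
            entries.append(Entry("O4", m["name"], _exe_path(m["cmd"]), line))
        elif (m := O16_RE.match(line)):
            entries.append(Entry("O16", m["name"] or m["clsid"], m["codebase"].strip(), line))
        elif (m := O23_RE.match(line)):
            entries.append(Entry("O23", m["name"], m["path"].strip(), line))
    return entries


def review(entries: list) -> list:
    """Return (raw_line, reason) pairs for entries that deserve human review.
    These are triage hints, not malware verdicts."""
    findings = []
    for e in entries:
        path = e.target.lower()
        if e.section == "O4" and path.startswith(WINDOWS_DIR) \
                and path.rsplit("\\", 1)[-1] not in STOCK_WINDOWS_AUTORUNS:
            findings.append((e.raw, "autorun launched from inside the Windows directory"))
        elif e.section == "O16" and not e.target:
            findings.append((e.raw, "DPF entry with no codebase (orphaned ActiveX registration)"))
        elif e.section == "O23" and path == "(no file)":
            findings.append((e.raw, "service registered but its binary is missing"))
    return findings


def removed_entries(before: str, after: str) -> list:
    """Lines present in the first log and gone from the second."""
    after_raw = {e.raw for e in parse_hjt(after)}
    return [e.raw for e in parse_hjt(before) if e.raw not in after_raw]


def unresolved(before: str, after: str) -> list:
    """Review findings from the first log that still appear in the second."""
    after_raw = {e.raw for e in parse_hjt(after)}
    return [raw for raw, _ in review(parse_hjt(before)) if raw in after_raw]


if __name__ == "__main__":
    for raw, why in review(parse_hjt(BEFORE_LOG)):
        print(f"REVIEW: {why}\n    {raw}")
    print("entries removed after the fix:", len(removed_entries(BEFORE_LOG, AFTER_LOG)))
    for raw in unresolved(BEFORE_LOG, AFTER_LOG):
        print("still present:", raw)
```

On the sample, the before-log yields four review items (the System Updater autorun under system32\Sysupd, the two DPF entries with no codebase, and the SNDSrvc service with no file), the diff shows four lines gone in the second log, and the only unresolved finding is the orphaned SNDSrvc service, which matches what the thread's second log still shows. The O4 rule will also catch legitimate vendors that install under system32, so its output is a worklist, not a cleanup list.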

Response Number 4
Name: waseem
Date: September 4, 2007 at 05:09:42 Pacific
Subject: svcipa.exe problem
Reply:
Hello Jabuck, sorry for the delay. Somehow I'm not able to boot into Safe Mode and I don't know why. I press F8 and it brings up a few options including safe mode, so when I highlight safe mode and select it, it reboots itself and brings me back to the same options page. I can only go into "start windows normally"; safe mode does nothing. Any advice on this?


Response Number 5
Name: jabuck
Date: September 4, 2007 at 14:48:06 Pacific
Subject: svcipa.exe problem
Reply:
Follow the steps in response #3 in normal mode and post the requested logs please.


Response Number 6
Name: waseem
Date: September 5, 2007 at 04:34:34 Pacific
Subject: svcipa.exe problem
Reply:
Hello jabuck, please see the required logs as per your instructions.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:50, on 05/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by128fd.bay128.hotmail.msn.c...
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim...
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gm...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SNDSrvc - Unknown owner - (no file)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

--
End of file - 7420 bytes



Response Number 7
Name: waseem
Date: September 5, 2007 at 04:36:11 Pacific
Subject: svcipa.exe problem
Reply:
And this log is from ComboFix.


ComboFix 07-08-30.3 - "KING" 2007-09-05 12:25:04.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.843 [GMT 1:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\bold.log
C:\Program Files\Common Files\{38AF0~1
C:\Program Files\Common Files\{58AF0~1


((((((((((((((((((((((((( Files Created from 2007-08-05 to 2007-09-05 )))))))))))))))))))))))))))))))


2007-09-05 12:21 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-04 18:59 <DIR> d-------- C:\Program Files\Intel
2007-09-03 20:00 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-03 17:58 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2007-09-03 17:58 2 -rahs---- C:\WINDOWS\winstart.bat
2007-09-03 17:55 <DIR> d-------- C:\Program Files\Greatis
2007-09-03 17:10 <DIR> d-------- C:\Program Files\emule
2007-09-03 08:50 <DIR> d-------- C:\Program Files\PestPatrol
2007-09-03 00:48 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-09-03 00:29 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-09-02 23:29 359,040 --a------ C:\WINDOWS\system32\dllcache\tcpip.sys
2007-09-01 23:12 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-09-01 23:12 11,264 --a------ C:\WINDOWS\Ulead iPhoto Express.SCR
2007-09-01 23:12 <DIR> d-------- C:\WINDOWS\ULEAD.DAT
2007-09-01 23:12 <DIR> d-------- C:\Program Files\Ulead iPhoto Express
2007-08-29 22:58 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-08-23 21:54 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-21 20:09 <DIR> d-------- C:\$WIN_NT$.~BT
2007-08-21 17:58 66,591 --a------ C:\WINDOWS\system32\drivers\el90xbc5.sys
2007-08-21 17:58 66,591 --a------ C:\WINDOWS\system32\dllcache\el90xbc5.sys
2007-08-18 21:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\vsosdk
2007-08-18 20:29 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-08-18 19:10 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2007-08-18 19:10 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2007-08-18 19:10 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2007-08-18 19:10 <DIR> d-------- C:\Program Files\VSO
2007-08-18 17:00 87,608 --a------ C:\DOCUME~1\KING\APPLIC~1\inst.exe
2007-08-18 17:00 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-08-18 17:00 47,360 --a------ C:\DOCUME~1\KING\APPLIC~1\pcouffin.sys
2007-08-18 17:00 <DIR> d-------- C:\DOCUME~1\KING\APPLIC~1\Vso
2007-08-18 12:02 <DIR> d-------- C:\Program Files\Smart Projects
2007-08-16 19:02 <DIR> d-------- C:\VProRecovery
2007-08-12 15:08 <DIR> d-------- C:\DOCUME~1\KING\APPLIC~1\Image Zone Express
2007-08-12 10:42 <DIR> d---s---- C:\DOCUME~1\Arooba\UserData


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-02 23:29 359040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-08-03 1rogram Files\PowerQuest
2007-08-02 1rogram Files\Common Files\Symantec Shared
2007-08-02 1OCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-02 1rogram Files\MagicISO
2007-08-01 1rogram Files\BitTorrent_DNA
2007-08-01 1rogram Files\BitTorrent
2007-08-01 1OCUME~1\KING\APPLIC~1\BitTorrent DNA
2007-08-01 1OCUME~1\KING\APPLIC~1\BitTorrent
2007-07-29 2rogram Files\Microsoft Works
2007-07-29 2rogram Files\Microsoft.NET
2007-07-29 1rogram Files\SmartSound Software Inc
2007-07-29 1OCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-07-27 0rogram Files\AtomInterSoft
2007-07-26 10:35 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll
2007-07-25 1OCUME~1\ALLUSE~1\APPLIC~1\HP
2007-07-25 1OCUME~1\KING\APPLIC~1\HP
2007-07-15 1rogram Files\9Dragons
2007-07-10 1OCUME~1\KING\APPLIC~1\Hewlett-Packard
2007-07-10 1rogram Files\Common Files\Hewlett-Packard
2007-07-06 2rogram Files\Folder Guard Pro
2007-06-13 22:07 12208 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2005-10-13 20:27:00 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-05-13 16:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 10:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-06-26 14:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2005-10-07 18:14:52 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2004-01-24 23:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2004-01-24 23:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
2005-02-28 12:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2005-07-14 11:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2006-04-27 09:24:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-23 22:16]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2003-12-15 14:57]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-03 11:57]
"PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 08:53]
"PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-11-15 11:49]
"CookiePatrol"="C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 09:35]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FolderGuard]
C:\Program Files\Folder Guard Pro\FGuard32.dll 2007-07-06 22:30 696320 C:\Program Files\Folder Guard Pro\FGuard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk.disabled]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk.disabled
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnk.disabledCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
backup=C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LG SyncManager.lnk]
backup=C:\WINDOWS\pss\LG SyncManager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
backup=C:\WINDOWS\pss\officejet 6100.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express Calendar Checker.lnk]
backup=C:\WINDOWS\pss\Ulead Photo Express Calendar Checker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\BitTorrent_DNA\dna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvLsnr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]
C:\Program Files\Evidence Eliminator\ee.exe /m

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]
C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"C:\Program Files\Virgin.net Broadband\Dragdiag.exe" /icon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
C:\Program Files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Updater]
C:\WINDOWS\system32\Sysupd\sysupd.exe -detach

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdService]
C:\Program Files\Common Files\Microsoft Shared\MSWNInfo\UpdService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
C:\Program Files\Webroot\Washer\wwDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

R2 FGUARD32;FGUARD32;\??\C:\Program Files\Folder Guard Pro\FGUARD32.SYS
R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\system32\DRIVERS\itchfltr.sys
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys
R3 wdm_tridwave;PCI288-Q3DII PCI Audio Driver (WDM);C:\WINDOWS\system32\drivers\tridwave.sys
S2 InCDsrvR;InCD Helper (read only);C:\Program Files\Ahead\InCD\InCDsrv.exe -r
S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\bcm42xx5.sys
S3 BCM44X2;BCM 10/100 Ethernet Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\BCM4E5.SYS
S3 RegGuard;RegGuard;\??\C:\WINDOWS\system32\Drivers\regguard.sys
S3 U81xbus;LGE U8XXX driver (WDM);C:\WINDOWS\system32\DRIVERS\U81xbus.sys
S3 U81xmdfl;LGE U8XXX USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\U81xmdfl.sys
S3 U81xmdm;LGE U8XXX USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\U81xmdm.sys
S3 U81xmgmt;LGE U8XXX USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\U81xmgmt.sys
S3 U81xobex;LGE U8XXX USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\U81xobex.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{327a8a60-0e91-11db-ad94-806d6172696f}]
AutoRun\command- E:\install.exe

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-09-04 23:00:00 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-03 00:00:02 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-03 01:00:02 C:\WINDOWS\Tasks\At3.job
2007-09-03 02:00:02 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-03 03:00:02 C:\WINDOWS\Tasks\At5.job
2007-09-03 04:00:02 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-03 05:00:02 C:\WINDOWS\Tasks\At7.job
2007-09-03 06:00:02 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-03 07:00:02 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-03 08:00:02 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-05 09:00:02 C:\WINDOWS\Tasks\At11.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-03 10:00:02 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-03 11:00:02 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-04 12:00:02 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-04 13:00:02 C:\WINDOWS\Tasks\At15.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-04 14:00:06 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-04 15:00:02 C:\WINDOWS\Tasks\At17.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-04 16:00:02 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-03 17:00:02 C:\WINDOWS\Tasks\At19.job
2007-09-03 18:00:02 C:\WINDOWS\Tasks\At20.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-04 19:00:02 C:\WINDOWS\Tasks\At21.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-03 20:00:02 C:\WINDOWS\Tasks\At22.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-03 21:00:02 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-04 22:00:02 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-04 23:00:02 C:\WINDOWS\Tasks\At25.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-03 00:00:02 C:\WINDOWS\Tasks\At26.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-03 01:00:02 C:\WINDOWS\Tasks\At27.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-03 02:00:02 C:\WINDOWS\Tasks\At28.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-03 03:00:02 C:\WINDOWS\Tasks\At29.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-03 04:00:02 C:\WINDOWS\Tasks\At30.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-03 05:00:02 C:\WINDOWS\Tasks\At31.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-03 06:00:02 C:\WINDOWS\Tasks\At32.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-03 07:00:02 C:\WINDOWS\Tasks\At33.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-03 08:00:02 C:\WINDOWS\Tasks\At34.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-05 09:00:02 C:\WINDOWS\Tasks\At35.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-03 10:00:02 C:\WINDOWS\Tasks\At36.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-03 11:00:02 C:\WINDOWS\Tasks\At37.job
2007-09-04 12:00:02 C:\WINDOWS\Tasks\At38.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-04 13:00:02 C:\WINDOWS\Tasks\At39.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-04 14:00:06 C:\WINDOWS\Tasks\At40.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-04 15:00:02 C:\WINDOWS\Tasks\At41.job
2007-09-04 16:00:02 C:\WINDOWS\Tasks\At42.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-03 17:00:02 C:\WINDOWS\Tasks\At43.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-03 18:00:02 C:\WINDOWS\Tasks\At44.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-04 19:00:02 C:\WINDOWS\Tasks\At45.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-03 20:00:02 C:\WINDOWS\Tasks\At46.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-03 21:00:02 C:\WINDOWS\Tasks\At47.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-04 22:00:02 C:\WINDOWS\Tasks\At48.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-04 23:00:02 C:\WINDOWS\Tasks\At49.job
2007-09-03 00:01:02 C:\WINDOWS\Tasks\At50.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-03 01:01:06 C:\WINDOWS\Tasks\At51.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-03 02:01:04 C:\WINDOWS\Tasks\At52.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-03 03:01:02 C:\WINDOWS\Tasks\At53.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-03 04:01:02 C:\WINDOWS\Tasks\At54.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-03 05:01:02 C:\WINDOWS\Tasks\At55.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-03 06:01:02 C:\WINDOWS\Tasks\At56.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-03 07:01:02 C:\WINDOWS\Tasks\At57.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-03 08:01:52 C:\WINDOWS\Tasks\At58.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-05 09:00:02 C:\WINDOWS\Tasks\At59.job
2007-09-03 10:00:04 C:\WINDOWS\Tasks\At60.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-03 11:00:02 C:\WINDOWS\Tasks\At61.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-04 12:00:02 C:\WINDOWS\Tasks\At62.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-04 13:00:02 C:\WINDOWS\Tasks\At63.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-04 14:00:06 C:\WINDOWS\Tasks\At64.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-04 15:00:02 C:\WINDOWS\Tasks\At65.job
2007-09-04 16:00:02 C:\WINDOWS\Tasks\At66.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-03 17:00:02 C:\WINDOWS\Tasks\At67.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-03 18:00:02 C:\WINDOWS\Tasks\At68.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-04 19:00:02 C:\WINDOWS\Tasks\At69.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-03 20:00:02 C:\WINDOWS\Tasks\At70.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-03 21:00:02 C:\WINDOWS\Tasks\At71.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-04 22:00:02 C:\WINDOWS\Tasks\At72.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-05 12:26:03
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-05 12:26:46
C:\ComboFix-quarantined-files.txt ... 2007-09-05 12:26

--- E O F ---



Response Number 8
Name: waseem
Date: September 5, 2007 at 04:40:36 Pacific
Subject: svcipa.exe problem
Reply:
Hello jabuck, in a search I found this file; is it OK to leave it as it is?

SYSUPD.EXE-02153A98.pf location: C:\WINDOWS\Prefetch



Response Number 9
Name: cnf
Date: September 5, 2007 at 06:55:28 Pacific
Subject: svcipa.exe problem
Reply:
sysupd.exe is a process associated with a Dialer application. It tries to disconnect your current internet connection and dial a toll number with high per-minute rates. This process is a security risk and should be removed from your system.
It is highly recommended to Run a Free Performance Scan:
http://www.liutilities.com/products...


Response Number 10
Name: jabuck
Date: September 5, 2007 at 14:57:22 Pacific
Subject: svcipa.exe problem
Reply:

Temporarily disable any of the following anti-spyware realtime protection programs that you may have, as they are interfering with the removal process: Disable Realtime Protection

Then run Combofix again and post the new log.



Response Number 11
Name: jabuck
Date: September 5, 2007 at 15:46:20 Pacific
Subject: svcipa.exe problem
Reply:
Next, open notepad and copy/paste the text between the X's below into it:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\system32\A74pSs8S.exe
C:\WINDOWS\system32\SkOh8wOv.exe
C:\WINDOWS\system32\puv0q5bP.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At50.job
C:\WINDOWS\Tasks\At51.job
C:\WINDOWS\Tasks\At52.job
C:\WINDOWS\Tasks\At53.job
C:\WINDOWS\Tasks\At54.job
C:\WINDOWS\Tasks\At55.job
C:\WINDOWS\Tasks\At56.job
C:\WINDOWS\Tasks\At57.job
C:\WINDOWS\Tasks\At58.job
C:\WINDOWS\Tasks\At59.job
C:\WINDOWS\Tasks\At60.job
C:\WINDOWS\Tasks\At61.job
C:\WINDOWS\Tasks\At62.job
C:\WINDOWS\Tasks\At63.job
C:\WINDOWS\Tasks\At64.job
C:\WINDOWS\Tasks\At65.job
C:\WINDOWS\Tasks\At66.job
C:\WINDOWS\Tasks\At67.job
C:\WINDOWS\Tasks\At68.job
C:\WINDOWS\Tasks\At69.job
C:\WINDOWS\Tasks\At70.job
C:\WINDOWS\Tasks\At71.job
C:\WINDOWS\Tasks\At72.job
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Next click File > Save; in the "filename" box type cfscript and in the "save in" box select "desktop", then click Save.

Next right click on the "cfscript" file and drag it on top of the Combofix red X and drop it.

Combofix will start and run. After it reboots (sometimes it does) post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Open notepad (Start Menu > Run > type notepad and press "ok").

Copy and paste everything between the x's into notepad, making REGEDIT4 the top line.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Updater]


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it Fix.reg, then save it to your desktop.

Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry, choose Yes.

Post a new Hijack This log please.
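As an added example (not from this thread, and not ComboFix's own code), here is a Python triage script for the "Contents of the 'Scheduled Tasks' folder" section of a ComboFix log like the one posted above: it groups the At*.job entries by target, flags targets in the Windows directory with random-looking names such as A74pSs8S.exe, and renders the File:: block that the CFScript in this reply lists by hand. The sample lines are constructed from a few of the posted entries plus one made-up benign task; the heuristic and the function names are mine, not ComboFix's.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the 'Scheduled Tasks' section of the ComboFix
# log posted in this thread: a handful of its At*.job lines plus one made-up
# benign task. It is not the full log.
SAMPLE_TASKS = r"""
Contents of the 'Scheduled Tasks' folder
2007-09-04 23:00:00 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-03 00:00:02 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-03 01:00:02 C:\WINDOWS\Tasks\At3.job
2007-09-04 23:00:02 C:\WINDOWS\Tasks\At25.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-03 00:01:02 C:\WINDOWS\Tasks\At50.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-02 09:00:00 C:\WINDOWS\Tasks\Nightly Backup.job - C:\Program Files\ExampleBackup\backup.exe

**************************************************************************
"""

# One task line: timestamp, .job path, and (when ComboFix could read it) the target.
TASK_LINE = re.compile(
    r"^(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<job>.+?\.job)(?: - (?P<target>.+))?$"
)
# Jobs created with at.exe are named At<N>.job; home users rarely create these.
AT_JOB = re.compile(r"\\At\d+\.job$", re.IGNORECASE)
# Executables dropped directly into C:\WINDOWS or C:\WINDOWS\system32.
SYSTEM_DIR = re.compile(r"^[A-Za-z]:\\WINDOWS\\(system32\\)?[^\\]+$", re.IGNORECASE)


def parse_tasks(section):
    """Return (when, job_path, target_or_None) for every task line in the section."""
    tasks = []
    for line in section.splitlines():
        m = TASK_LINE.match(line.strip())
        if m:
            tasks.append((m["when"], m["job"], m["target"]))
    return tasks


def looks_random(stem):
    """Heuristic: alphanumeric stem mixing upper, lower and digits with no word-like
    shape, e.g. A74pSs8S, SkOh8wOv, puv0q5bP. 'Backup2' or 'hkcmd' do not match."""
    if not re.fullmatch(r"[A-Za-z0-9]{6,12}", stem):
        return False
    has_upper = any(c.isupper() for c in stem)
    has_lower = any(c.islower() for c in stem)
    has_digit = any(c.isdigit() for c in stem)
    word_like = stem[1:].islower() or stem.isupper() or stem.islower()
    return has_upper and has_lower and has_digit and not word_like


def triage(section):
    """Group At*.job tasks by target and flag random-named targets in the Windows dir."""
    by_target = defaultdict(list)
    at_jobs = []   # every At<N>.job seen, in log order
    orphans = []   # At jobs whose target ComboFix could not read (e.g. At3.job above)
    for _when, job, target in parse_tasks(section):
        is_at = bool(AT_JOB.search(job))
        if is_at:
            at_jobs.append(job)
        if target is None:
            if is_at:
                orphans.append(job)
            continue
        by_target[target].append(job)
    suspicious = {}
    for target, jobs in by_target.items():
        stem = target.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if SYSTEM_DIR.match(target) and looks_random(stem):
            suspicious[target] = jobs
    return {"at_jobs": at_jobs, "orphans": orphans, "suspicious": suspicious}


def cfscript_file_block(report):
    """Render the CFScript 'File::' block: flagged targets first, then every At job
    (orphans included), in the same shape as the hand-written list in this reply."""
    lines = ["File::"]
    lines.extend(sorted(report["suspicious"]))
    lines.extend(report["at_jobs"])
    return "\n".join(lines)


if __name__ == "__main__":
    rep = triage(SAMPLE_TASKS)
    for target, jobs in rep["suspicious"].items():
        print(f"suspicious: {target} <- {', '.join(jobs)}")
    print(f"orphan At jobs: {rep['orphans']}")
    print(cfscript_file_block(rep))
```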




Response Number 12
Name: jabuck
Date: September 5, 2007 at 18:58:39 Pacific
Subject: svcipa.exe problem
Reply:
We will get it when we do the final cleanup. You can delete the entire contents of C:\WINDOWS\Prefetch; just do not delete the folder itself.



Response Number 13
Name: waseem
Date: September 6, 2007 at 08:25:37 Pacific
Subject: svcipa.exe problem
Reply:
Hello jabuck, each time I'm experiencing a new problem. This time I tried to follow your instructions, and when I ran ComboFix suddenly the screen went blue and this message appeared: "STOP: C0000135 unable to locate component. This application failed to start because vct3216.dll not found. Reinstalling the application may fix this problem."

Beginning dump of physical memory
Dumping physical memory to disk: 1

The above dumping of memory to disk goes up to 87 and then Windows goes through system startup as when Windows was NOT shut down the normal way. During the system file checking process it shows errors about ComboFix files.

I'm sorry to take up so much of your time and appreciate your help. Please see if there is more help you can provide.



Response Number 14
Name: waseem
Date: September 6, 2007 at 08:37:51 Pacific
Subject: svcipa.exe problem
Reply:
Posting the HijackThis log while I terminated all the security applications/software and WITHOUT running ComboFix, as you instructed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:37, on 2007-09-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by128fd.bay128.hotmail.msn.c...
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim...
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gm...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SNDSrvc - Unknown owner - (no file)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

--
End of file - 6495 bytes



Response Number 15
Name: jabuck
Date: September 6, 2007 at 18:40:56 Pacific
Subject: svcipa.exe problem
Reply:
The Hijack This log looks clean but there is some clean up to do yet. As for the file vct3216.dll, you can get it free from this link: Voxware Codec

We have not removed it, but it may be why this sound file is missing:

O23 - Service: SNDSrvc - Unknown owner - (no file)

Download it to your desktop > left click on the vox.zip file > click Extract All > extract it to your desktop > open the vox folder > right click on voxacm.inf > click Install. Restart the computer.

Uninstall Combofix by dragging it to the recycle bin, then redownload it and try to post a new log.



Response Number 16
Name: waseem
Date: September 7, 2007 at 06:11:44 Pacific
Subject: svcipa.exe problem
Reply:
Hello jabuck, I have installed vct3216.dll as you instructed and it has done a good job. Thanks a lot.

Could you please explain how you want me to delete "You can delete the entire contents of C:\WINDOWS\Prefetch just do not delete the folder itself."? All I know is to delete the folder, and that will delete its contents too.
Uninstalled and reinstalled Combofix and here is the log, but without disabling the security programs.

ComboFix 07-08-30.3 - "KING" 2007-09-07 13:57:22.5 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.789 [GMT 1:00]


((((((((((((((((((((((((( Files Created from 2007-08-07 to 2007-09-07 )))))))))))))))))))))))))))))))


2007-09-07 13:52 <DIR> d-------- C:\WINDOWS\LastGood
2007-09-06 18:54 <DIR> d-------- C:\Program Files\Security Task Manager
2007-09-06 18:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
2007-09-05 16:58 12,219,419 --------- C:\AVG7QT.DAT
2007-09-05 16:58 <DIR> d-------- C:\DOCUME~1\Arooba\APPLIC~1\Uniblue
2007-09-05 16:03 <DIR> d-------- C:\Program Files\Uniblue
2007-09-05 16:03 <DIR> d-------- C:\DOCUME~1\KING\APPLIC~1\Uniblue
2007-09-05 12:21 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-04 18:59 <DIR> d-------- C:\Program Files\Intel
2007-09-03 20:00 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-03 17:58 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2007-09-03 17:58 2 -rahs---- C:\WINDOWS\winstart.bat
2007-09-03 17:55 <DIR> d-------- C:\Program Files\Greatis
2007-09-03 17:10 <DIR> d-------- C:\Program Files\emule
2007-09-03 08:50 <DIR> d-------- C:\Program Files\PestPatrol
2007-09-03 00:48 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-09-03 00:29 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-09-02 23:29 359,040 --a------ C:\WINDOWS\system32\dllcache\tcpip.sys
2007-09-01 23:12 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-09-01 23:12 11,264 --a------ C:\WINDOWS\Ulead iPhoto Express.SCR
2007-09-01 23:12 <DIR> d-------- C:\WINDOWS\ULEAD.DAT
2007-09-01 23:12 <DIR> d-------- C:\Program Files\Ulead iPhoto Express
2007-08-29 22:58 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-08-23 21:54 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-21 17:58 66,591 --a------ C:\WINDOWS\system32\drivers\el90xbc5.sys
2007-08-21 17:58 66,591 --a------ C:\WINDOWS\system32\dllcache\el90xbc5.sys
2007-08-18 21:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\vsosdk
2007-08-18 20:29 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-08-18 19:10 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2007-08-18 19:10 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2007-08-18 19:10 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2007-08-18 19:10 <DIR> d-------- C:\Program Files\VSO
2007-08-18 17:00 87,608 --a------ C:\DOCUME~1\KING\APPLIC~1\inst.exe
2007-08-18 17:00 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-08-18 17:00 47,360 --a------ C:\DOCUME~1\KING\APPLIC~1\pcouffin.sys
2007-08-18 17:00 <DIR> d-------- C:\DOCUME~1\KING\APPLIC~1\Vso
2007-08-18 12:02 <DIR> d-------- C:\Program Files\Smart Projects
2007-08-16 19:02 <DIR> d-------- C:\VProRecovery
2007-08-12 15:08 <DIR> d-------- C:\DOCUME~1\KING\APPLIC~1\Image Zone Express
2007-08-12 10:42 <DIR> d---s---- C:\DOCUME~1\Arooba\UserData


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-02 23:29 359040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-08-03 1rogram Files\PowerQuest
2007-08-02 1rogram Files\Common Files\Symantec Shared
2007-08-02 1OCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-02 1rogram Files\MagicISO
2007-08-01 1rogram Files\BitTorrent_DNA
2007-08-01 1rogram Files\BitTorrent
2007-08-01 1OCUME~1\KING\APPLIC~1\BitTorrent DNA
2007-08-01 1OCUME~1\KING\APPLIC~1\BitTorrent
2007-07-29 2rogram Files\Microsoft Works
2007-07-29 2rogram Files\Microsoft.NET
2007-07-29 1rogram Files\SmartSound Software Inc
2007-07-29 1OCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-07-27 0rogram Files\AtomInterSoft
2007-07-26 10:35 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll
2007-07-25 1OCUME~1\ALLUSE~1\APPLIC~1\HP
2007-07-25 1OCUME~1\KING\APPLIC~1\HP
2007-07-15 1rogram Files\9Dragons
2007-07-10 1OCUME~1\KING\APPLIC~1\Hewlett-Packard
2007-07-10 1rogram Files\Common Files\Hewlett-Packard
2007-06-13 22:07 12208 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2005-10-13 20:27:00 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-05-13 16:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 10:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-06-26 14:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2005-10-07 18:14:52 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2004-01-24 23:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2004-01-24 23:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
2005-02-28 12:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2005-07-14 11:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2006-04-27 09:24:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-03 11:57]
"CookiePatrol"="C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 09:35]
"PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-11-15 11:49]
"PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 08:53]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2003-12-15 14:57]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-23 22:16]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FolderGuard]
C:\Program Files\Folder Guard Pro\FGuard32.dll 2007-07-06 22:30 696320 C:\Program Files\Folder Guard Pro\FGuard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\BitTorrent_DNA\dna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvLsnr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]
C:\Program Files\Evidence Eliminator\ee.exe /m

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]
C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"C:\Program Files\Virgin.net Broadband\Dragdiag.exe" /icon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
C:\Program Files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Updater]
C:\WINDOWS\system32\Sysupd\sysupd.exe -detach

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdService]
C:\Program Files\Common Files\Microsoft Shared\MSWNInfo\UpdService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
C:\Program Files\Webroot\Washer\wwDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

R2 FGUARD32;FGUARD32;\??\C:\Program Files\Folder Guard Pro\FGUARD32.SYS
R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\system32\DRIVERS\itchfltr.sys
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys
R3 wdm_tridwave;PCI288-Q3DII PCI Audio Driver (WDM);C:\WINDOWS\system32\drivers\tridwave.sys
S2 InCDsrvR;InCD Helper (read only);C:\Program Files\Ahead\InCD\InCDsrv.exe -r
S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\bcm42xx5.sys
S3 BCM44X2;BCM 10/100 Ethernet Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\BCM4E5.SYS
S3 RegGuard;RegGuard;\??\C:\WINDOWS\system32\Drivers\regguard.sys
S3 U81xbus;LGE U8XXX driver (WDM);C:\WINDOWS\system32\DRIVERS\U81xbus.sys
S3 U81xmdfl;LGE U8XXX USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\U81xmdfl.sys
S3 U81xmdm;LGE U8XXX USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\U81xmdm.sys
S3 U81xmgmt;LGE U8XXX USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\U81xmgmt.sys
S3 U81xobex;LGE U8XXX USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\U81xobex.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{327a8a60-0e91-11db-ad94-806d6172696f}]
AutoRun\command- E:\install.exe


Contents of the 'Scheduled Tasks' folder
2007-09-05 23:00:00 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-06 00:00:00 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-06 01:00:00 C:\WINDOWS\Tasks\At3.job
2007-09-06 02:00:00 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-06 03:00:00 C:\WINDOWS\Tasks\At5.job
2007-09-06 04:00:00 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-06 05:00:00 C:\WINDOWS\Tasks\At7.job
2007-09-06 06:00:00 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-06 07:00:00 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-06 08:00:00 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-06 09:00:00 C:\WINDOWS\Tasks\At11.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-06 10:00:00 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-06 11:00:00 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-07 12:00:02 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-06 13:00:00 C:\WINDOWS\Tasks\At15.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-04 14:00:06 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-05 15:00:02 C:\WINDOWS\Tasks\At17.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-06 16:00:00 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-06 17:00:02 C:\WINDOWS\Tasks\At19.job
2007-09-06 18:00:02 C:\WINDOWS\Tasks\At20.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-06 19:00:00 C:\WINDOWS\Tasks\At21.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-06 20:00:00 C:\WINDOWS\Tasks\At22.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-06 21:00:02 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-05 22:00:02 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-05 23:00:02 C:\WINDOWS\Tasks\At25.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-06 00:00:00 C:\WINDOWS\Tasks\At26.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-06 01:00:00 C:\WINDOWS\Tasks\At27.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-06 02:00:00 C:\WINDOWS\Tasks\At28.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-06 03:00:00 C:\WINDOWS\Tasks\At29.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-06 04:00:00 C:\WINDOWS\Tasks\At30.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-06 05:00:00 C:\WINDOWS\Tasks\At31.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-06 06:00:00 C:\WINDOWS\Tasks\At32.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-06 07:00:00 C:\WINDOWS\Tasks\At33.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-06 08:00:00 C:\WINDOWS\Tasks\At34.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-06 09:00:00 C:\WINDOWS\Tasks\At35.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-06 10:00:00 C:\WINDOWS\Tasks\At36.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-06 11:00:00 C:\WINDOWS\Tasks\At37.job
2007-09-07 12:00:02 C:\WINDOWS\Tasks\At38.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-06 13:00:00 C:\WINDOWS\Tasks\At39.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-04 14:00:06 C:\WINDOWS\Tasks\At40.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-05 15:00:02 C:\WINDOWS\Tasks\At41.job
2007-09-06 16:00:02 C:\WINDOWS\Tasks\At42.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-06 17:00:02 C:\WINDOWS\Tasks\At43.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-06 18:00:02 C:\WINDOWS\Tasks\At44.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-06 19:00:02 C:\WINDOWS\Tasks\At45.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-06 20:00:02 C:\WINDOWS\Tasks\At46.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-06 21:00:02 C:\WINDOWS\Tasks\At47.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-05 22:00:02 C:\WINDOWS\Tasks\At48.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-05 23:00:02 C:\WINDOWS\Tasks\At49.job
2007-09-06 00:00:00 C:\WINDOWS\Tasks\At50.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-06 01:00:00 C:\WINDOWS\Tasks\At51.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-06 02:00:00 C:\WINDOWS\Tasks\At52.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-06 03:00:00 C:\WINDOWS\Tasks\At53.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-06 04:00:00 C:\WINDOWS\Tasks\At54.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-06 05:00:00 C:\WINDOWS\Tasks\At55.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-06 06:00:02 C:\WINDOWS\Tasks\At56.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-06 07:00:00 C:\WINDOWS\Tasks\At57.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-06 08:00:00 C:\WINDOWS\Tasks\At58.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-06 09:00:00 C:\WINDOWS\Tasks\At59.job
2007-09-06 10:00:00 C:\WINDOWS\Tasks\At60.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-06 11:00:00 C:\WINDOWS\Tasks\At61.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-07 12:00:02 C:\WINDOWS\Tasks\At62.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-06 13:00:00 C:\WINDOWS\Tasks\At63.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-04 14:00:06 C:\WINDOWS\Tasks\At64.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-05 15:00:02 C:\WINDOWS\Tasks\At65.job
2007-09-06 16:00:02 C:\WINDOWS\Tasks\At66.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-06 17:00:02 C:\WINDOWS\Tasks\At67.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-06 18:00:02 C:\WINDOWS\Tasks\At68.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-06 19:00:02 C:\WINDOWS\Tasks\At69.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-06 20:00:02 C:\WINDOWS\Tasks\At70.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-06 21:00:02 C:\WINDOWS\Tasks\At71.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-05 22:00:02 C:\WINDOWS\Tasks\At72.job
2007-09-05 15:36:16 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
2007-09-05 17:53:46 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-09-05 17:05:24 C:\WINDOWS\Tasks\Uniblue SpyEraser.job - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
2007-09-05 18:14:52 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-07 13:58:42
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0



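The security-relevant finding in the ComboFix log above is the "Scheduled Tasks" section: 72 At*.job tasks, one per hour, each launching one of three randomly named executables in C:\WINDOWS\system32. Tasks named AtN.job are created through the AT service, so a run of them pointing at unfamiliar system32 binaries is a persistence pattern worth flagging automatically. Below is an added Python example (written for this thread; it is not part of the original post or of ComboFix) that parses task lines in ComboFix's format and groups the suspicious targets. The sample lines are constructed from the log in this thread, and the "random-looking name" test is a simple heuristic of my own, not a ComboFix rule.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample in the shape of ComboFix's "Contents of the 'Scheduled Tasks'
# folder" section; the values are copied from the log posted in this thread.
SAMPLE_TASKS = r"""
2007-09-05 23:00:00 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-06 00:00:00 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\system32\A74pSs8S.exe
2007-09-06 01:00:00 C:\WINDOWS\Tasks\At3.job
2007-09-05 23:00:02 C:\WINDOWS\Tasks\At25.job - C:\WINDOWS\system32\SkOh8wOv.exe
2007-09-06 00:00:00 C:\WINDOWS\Tasks\At50.job - C:\WINDOWS\system32\puv0q5bP.exe
2007-09-05 15:36:16 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"""

# One ComboFix task line: "<timestamp> <job path>[ - <target program>]"
TASK_LINE = re.compile(
    r"^(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<job>.+?\.job)"          # path of the .job file
    r"(?: - (?P<target>.+))?$"    # target is absent when ComboFix could not read it
)
# Jobs named AtN.job are the ones the AT service creates.
AT_JOB = re.compile(r"^At\d+\.job$", re.IGNORECASE)


def parse_task_lines(text):
    """Return one dict (when, job, target) per task line; target is None if missing."""
    tasks = []
    for line in text.splitlines():
        m = TASK_LINE.match(line.strip())
        if m:
            tasks.append(m.groupdict())
    return tasks


def looks_random(stem):
    """Heuristic (assumption, not a ComboFix rule): a short alphanumeric file stem
    that mixes digits, upper case and lower case, like A74pSs8S or SkOh8wOv."""
    return (re.fullmatch(r"[A-Za-z0-9]{6,12}", stem) is not None
            and any(c.isdigit() for c in stem)
            and any(c.isupper() for c in stem)
            and any(c.islower() for c in stem))


def in_system32(path):
    """True when any directory component of the path is system32."""
    return "system32" in [p.lower() for p in PureWindowsPath(path).parts]


def find_suspicious_tasks(text):
    """Map each suspicious target executable to the AT jobs that launch it:
    an AtN.job whose target lives in system32 under a random-looking name."""
    hits = defaultdict(list)
    for t in parse_task_lines(text):
        target = t["target"]
        if target is None:
            continue  # nothing to judge; ComboFix printed no target
        job_name = PureWindowsPath(t["job"]).name
        exe_stem = PureWindowsPath(target).stem
        if AT_JOB.match(job_name) and in_system32(target) and looks_random(exe_stem):
            hits[target].append(job_name)
    return dict(hits)


if __name__ == "__main__":
    for target, jobs in find_suspicious_tasks(SAMPLE_TASKS).items():
        print(f"{target}: launched by {len(jobs)} AT job(s): {', '.join(jobs)}")
```

On the sample, the three system32 binaries are reported with the At*.job files that launch them, while the Uniblue task (a vendor name in Program Files) and At3.job (no readable target) are left alone. The value of grouping by target rather than by job is that it turns a 72-line listing into the three executables that actually need attention, which is the same conclusion the helper reaches in the next reply.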

Response Number 17
Name: jabuck
Date: September 7, 2007 at 19:13:18 Pacific
Subject: svcipa.exe problem
Reply:
The AT.tmp file did not get deleted, let's try a different method.

Please download “Avenger” by swandog46 to your desktop from this link Avenger
1. Click on Avenger.zip to open the file
Extract avenger.exe to your desktop

2. Copy all the text contained in the area between the X's below to your Clipboard by highlighting it and pressing (Ctrl+C):
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Files to delete:
C:\WINDOWS\system32\A74pSs8S.exe
C:\WINDOWS\system32\SkOh8wOv.exe
C:\WINDOWS\system32\puv0q5bP.exe

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.
Under "Script file to execute" choose "Input Script Manually".
Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
Paste the text copied to clipboard into this window by pressing (Ctrl+V).
Click Done
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

Navigate to and delete these files if found:

C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At50.job
C:\WINDOWS\Tasks\At51.job
C:\WINDOWS\Tasks\At52.job
C:\WINDOWS\Tasks\At53.job
C:\WINDOWS\Tasks\At54.job
C:\WINDOWS\Tasks\At55.job
C:\WINDOWS\Tasks\At56.job
C:\WINDOWS\Tasks\At57.job
C:\WINDOWS\Tasks\At58.job
C:\WINDOWS\Tasks\At59.job
C:\WINDOWS\Tasks\At60.job
C:\WINDOWS\Tasks\At61.job
C:\WINDOWS\Tasks\At62.job
C:\WINDOWS\Tasks\At63.job
C:\WINDOWS\Tasks\At64.job
C:\WINDOWS\Tasks\At65.job
C:\WINDOWS\Tasks\At66.job
C:\WINDOWS\Tasks\At67.job
C:\WINDOWS\Tasks\At68.job
C:\WINDOWS\Tasks\At69.job
C:\WINDOWS\Tasks\At70.job
C:\WINDOWS\Tasks\At71.job
C:\WINDOWS\Tasks\At72.job

Then post a new combofix log please.



Response Number 18
Name: waseem
Date: September 8, 2007 at 13:15:27 Pacific
Subject: svcipa.exe problem
Reply:
Hello jabuck, I have done as you asked, and I have deleted the mentioned files from the C:\Windows\Tasks folder. Posting the Avenger log file.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\sxpmbcng

*******************

Script file located at: \??\C:\Program Files\bwirstqv.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\A74pSs8S.exe not found!
Deletion of file C:\WINDOWS\system32\A74pSs8S.exe failed!

Could not process line:
C:\WINDOWS\system32\A74pSs8S.exe
Status: 0xc0000034

File C:\WINDOWS\system32\SkOh8wOv.exe not found!
Deletion of file C:\WINDOWS\system32\SkOh8wOv.exe failed!

Could not process line:
C:\WINDOWS\system32\SkOh8wOv.exe
Status: 0xc0000034


ComboFix 07-08-30.3 - "KING" 2007-09-08 21:10:46.7 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.820 [GMT 1:00]


((((((((((((((((((((((((( Files Created from 2007-08-08 to 2007-09-08 )))))))))))))))))))))))))))))))


2007-09-07 17:33 <DIR> d-------- C:\Program Files\BitComet
2007-09-07 16:55 <DIR> d-------- C:\Downloads
2007-09-06 18:54 <DIR> d-------- C:\Program Files\Security Task Manager
2007-09-06 18:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
2007-09-05 16:58 12,219,419 --------- C:\AVG7QT.DAT
2007-09-05 16:58 <DIR> d-------- C:\DOCUME~1\Arooba\APPLIC~1\Uniblue
2007-09-05 16:03 <DIR> d-------- C:\Program Files\Uniblue
2007-09-05 16:03 <DIR> d-------- C:\DOCUME~1\KING\APPLIC~1\Uniblue
2007-09-05 12:21 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-04 18:59 <DIR> d-------- C:\Program Files\Intel
2007-09-03 20:00 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-03 17:58 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2007-09-03 17:58 2 -rahs---- C:\WINDOWS\winstart.bat
2007-09-03 17:55 <DIR> d-------- C:\Program Files\Greatis
2007-09-03 17:10 <DIR> d-------- C:\Program Files\emule
2007-09-03 08:50 <DIR> d-------- C:\Program Files\PestPatrol
2007-09-03 00:48 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-09-03 00:29 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-09-02 23:29 359,040 --a------ C:\WINDOWS\system32\dllcache\tcpip.sys
2007-09-01 23:12 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-09-01 23:12 11,264 --a------ C:\WINDOWS\Ulead iPhoto Express.SCR
2007-09-01 23:12 <DIR> d-------- C:\WINDOWS\ULEAD.DAT
2007-09-01 23:12 <DIR> d-------- C:\Program Files\Ulead iPhoto Express
2007-08-29 22:58 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-08-23 21:54 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-21 17:58 66,591 --a------ C:\WINDOWS\system32\drivers\el90xbc5.sys
2007-08-21 17:58 66,591 --a------ C:\WINDOWS\system32\dllcache\el90xbc5.sys
2007-08-18 21:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\vsosdk
2007-08-18 20:29 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-08-18 19:10 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2007-08-18 19:10 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2007-08-18 19:10 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2007-08-18 19:10 <DIR> d-------- C:\Program Files\VSO
2007-08-18 17:00 87,608 --a------ C:\DOCUME~1\KING\APPLIC~1\inst.exe
2007-08-18 17:00 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-08-18 17:00 47,360 --a------ C:\DOCUME~1\KING\APPLIC~1\pcouffin.sys
2007-08-18 17:00 <DIR> d-------- C:\DOCUME~1\KING\APPLIC~1\Vso
2007-08-18 12:02 <DIR> d-------- C:\Program Files\Smart Projects
2007-08-16 19:02 <DIR> d-------- C:\VProRecovery
2007-08-12 15:08 <DIR> d-------- C:\DOCUME~1\KING\APPLIC~1\Image Zone Express
2007-08-12 10:42 <DIR> d---s---- C:\DOCUME~1\Arooba\UserData


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-02 23:29 359040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-08-03 1rogram Files\PowerQuest
2007-08-02 1rogram Files\Common Files\Symantec Shared
2007-08-02 1OCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-02 1rogram Files\MagicISO
2007-08-01 1OCUME~1\KING\APPLIC~1\BitTorrent DNA
2007-07-29 2rogram Files\Microsoft Works
2007-07-29 2rogram Files\Microsoft.NET
2007-07-29 1rogram Files\SmartSound Software Inc
2007-07-29 1OCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-07-27 0rogram Files\AtomInterSoft
2007-07-26 10:35 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll
2007-07-25 1OCUME~1\ALLUSE~1\APPLIC~1\HP
2007-07-25 1OCUME~1\KING\APPLIC~1\HP
2007-07-15 1rogram Files\9Dragons
2007-07-10 1OCUME~1\KING\APPLIC~1\Hewlett-Packard
2007-07-10 1rogram Files\Common Files\Hewlett-Packard
2007-06-13 22:07 12208 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2005-10-13 20:27:00 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-05-13 16:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 10:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-06-26 14:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2005-10-07 18:14:52 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2004-01-24 23:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2004-01-24 23:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
2005-02-28 12:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2005-07-14 11:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2006-04-27 09:24:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-03 11:57]
"CookiePatrol"="c:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 09:35]
"PestPatrol Control Center"="c:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-11-15 11:49]
"PPMemCheck"="c:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 08:53]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2003-12-15 14:57]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-23 22:16]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FolderGuard]
C:\Program Files\Folder Guard Pro\FGuard32.dll 2007-07-06 22:30 696320 C:\Program Files\Folder Guard Pro\FGuard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvLsnr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]
C:\Program Files\Evidence Eliminator\ee.exe /m

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]
C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"C:\Program Files\Virgin.net Broadband\Dragdiag.exe" /icon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
C:\Program Files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Updater]
C:\WINDOWS\system32\Sysupd\sysupd.exe -detach

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdService]
C:\Program Files\Common Files\Microsoft Shared\MSWNInfo\UpdService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
C:\Program Files\Webroot\Washer\wwDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

R2 FGUARD32;FGUARD32;\??\C:\Program Files\Folder Guard Pro\FGUARD32.SYS
R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\system32\DRIVERS\itchfltr.sys
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys
R3 wdm_tridwave;PCI288-Q3DII PCI Audio Driver (WDM);C:\WINDOWS\system32\drivers\tridwave.sys
S2 InCDsrvR;InCD Helper (read only);C:\Program Files\Ahead\InCD\InCDsrv.exe -r
S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\bcm42xx5.sys
S3 BCM44X2;BCM 10/100 Ethernet Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\BCM4E5.SYS
S3 RegGuard;RegGuard;\??\C:\WINDOWS\system32\Drivers\regguard.sys
S3 U81xbus;LGE U8XXX driver (WDM);C:\WINDOWS\system32\DRIVERS\U81xbus.sys
S3 U81xmdfl;LGE U8XXX USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\U81xmdfl.sys
S3 U81xmdm;LGE U8XXX USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\U81xmdm.sys
S3 U81xmgmt;LGE U8XXX USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\U81xmgmt.sys
S3 U81xobex;LGE U8XXX USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\U81xobex.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{327a8a60-0e91-11db-ad94-806d6172696f}]
AutoRun\command- E:\install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{873b8618-5e35-11dc-ba8e-00110a97f864}]
AutoRun\command- F:\setupSNK.exe


Contents of the 'Scheduled Tasks' folder
2007-09-05 15:36:16 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
2007-09-05 17:53:46 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-09-05 17:05:24 C:\WINDOWS\Tasks\Uniblue SpyEraser.job - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
2007-09-05 18:14:52 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-08 21:12:02
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-08 21:12:42
C:\ComboFix-quarantined-files.txt ... 2007-09-08 21:12
C:\ComboFix3.txt ... 2007-09-07 13:59
C:\ComboFix2.txt ... 2007-09-07 14:14

--- E O F ---



Response Number 19
Name: jabuck
Date: September 8, 2007 at 13:22:54 Pacific
Subject: svcipa.exe problem
Reply:
Much Better.

Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode

Download and install AVG Anti-Spyware We will need this later in safe mode

Be sure to update AVG Anti-Spyware

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Reboot to normal and post the avg log please.



Response Number 20
Name: waseem
Date: September 8, 2007 at 13:58:10 Pacific
Subject: svcipa.exe problem
Reply:
Hello Jabuck, I'm DELIGHTED to see "Much Better", but I'm not able to reboot in Safe Mode and I don't know why. On rebooting I press F8 and it brings up a few options including Safe Mode, Start Windows Normally, etc. When I choose Safe Mode it goes through the cycle (multi0 rdisk0, etc.), stops for a few seconds and reboots again, bringing me back to the same options page. The only option that works is "Start Windows Normally"; in other words no other option works, and I have tried over 100 times in the last few days to get into Safe Mode. Any other expert advice you can think of for getting into Safe Mode? The other way I tried was through msconfig, where I changed boot.ini and checked /safeboot; this caused me a big problem because on reboot the PC went into a loop. I had to connect another HD to my PC, with my HD as slave, to bring things back to normal.


Response Number 21
Name: waseem
Date: September 8, 2007 at 14:02:20 Pacific
Subject: svcipa.exe problem
Reply:
One thing I would like to mention is that my HD is 200GB and I converted the whole drive to FAT32 with no partitions. The OS is XP Pro. Could this Safe Mode problem be due to the whole HD being FAT32, as XP does not allow formatting as FAT32 if the HD is more than 32GB?
