Give it a try and see what happens. At worst, I imagine you will have to do a system restore if it's still the same after .

Mkay well I should be able to do that tonight if not ill get back at it tomorow

Well nothing better to do at 1:47 AM so here we go. So once I put this up Ill reboot see if I can get in normally if not well then its a system restore and im guessing go back a day fix what broke and not undo alot of wok already done. but Ill wait for your go to be 100% sure if we got to do one :o


OK here is ComboFix


ComboFix 08-01-04.1 - Ed 2008-01-05 1:38:00.2 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.221 [GMT -5:00]
Running from: C:\Documents and Settings\Ed\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ed\Desktop\CFScript.txt

FILE
C:\mssys.com
C:\Program Files\q330994.exe
C:\WINDOWS\cvchost.exe
C:\WINDOWS\dl.exe
C:\WINDOWS\dlm.exe
C:\WINDOWS\msstasks.exe
C:\WINDOWS\mssys.com
C:\WINDOWS\mstasks1.exe
C:\WINDOWS\mstaskss.exe
C:\WINDOWS\msxmidi.exe
C:\WINDOWS\ntldr.exe
C:\WINDOWS\rocky.exe
C:\WINDOWS\seksdialer.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\mssys.com
C:\Program Files\q330994.exe
C:\WINDOWS\cvchost.exe
C:\WINDOWS\dl.exe
C:\WINDOWS\dlm.exe
C:\WINDOWS\Downloaded Program Files\ODCTOOLS
C:\WINDOWS\msstasks.exe
C:\WINDOWS\mssys.com
C:\WINDOWS\mstasks1.exe
C:\WINDOWS\mstaskss.exe
C:\WINDOWS\msxmidi.exe
C:\WINDOWS\ntldr.exe
C:\WINDOWS\rocky.exe
C:\WINDOWS\seksdialer.exe
C:\WINDOWS\SYSTEM32\1691481241.dll

.
((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.

2008-01-04 18:13 . 2008-01-04 18:13 <DIR> d--h----- C:\Documents and Settings\All Users\WLANProfiles
2008-01-04 18:12 . 2008-01-04 18:12 17,801 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AegisP.sys
2008-01-04 17:49 . 2008-01-04 17:49 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-01-04 17:39 . 2008-01-04 18:09 <DIR> d-------- C:\Intel
2008-01-04 16:02 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-04 15:28 . 2008-01-04 15:28 2 --a------ C:\B.tmp
2008-01-04 15:28 . 2008-01-04 15:28 0 --a------ C:\C.tmp
2008-01-04 15:28 . 2008-01-04 15:28 0 --a------ C:\A.tmp
2008-01-04 15:28 . 2008-01-04 15:28 0 --a------ C:\9.tmp
2008-01-04 15:28 . 2008-01-04 15:28 0 --a------ C:\2.tmp
2008-01-03 17:23 . 2008-01-03 17:23 2 --a------ C:\5.tmp
2008-01-03 17:23 . 2008-01-03 17:23 0 --a------ C:\8.tmp
2008-01-03 17:23 . 2008-01-03 17:23 0 --a------ C:\7.tmp
2008-01-03 17:23 . 2008-01-03 17:23 0 --a------ C:\6.tmp
2008-01-03 17:23 . 2008-01-03 17:23 0 --a------ C:\3.tmp
2008-01-02 16:03 . 2008-01-02 16:04 <DIR> d-------- C:\ERDNT
2007-12-31 14:53 . 2007-12-31 14:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-12-31 14:43 . 2007-12-31 14:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2007-12-31 12:20 . 2007-12-31 14:37 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-12-31 12:17 . 2007-12-31 15:05 <DIR> d-------- C:\Program Files\Symantec
2007-12-31 11:56 . 2007-12-31 11:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-31 10:32 . 2007-12-31 10:32 <DIR> d-------- C:\Documents and Settings\Ed\Application Data\Grisoft
2007-12-31 10:32 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-12-31 10:31 . 2007-01-18 07:00 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgArCln.sys
2007-12-30 22:24 . 2007-12-30 17:55 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2007-12-30 18:49 . 2007-12-30 19:47 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2007-12-30 17:54 . 2007-12-30 22:37 <DIR> d-------- C:\Documents and Settings\Ed\.housecall6.6
2007-12-30 17:08 . 2007-12-30 17:08 <DIR> d-------- C:\Program Files\WinClamAVShield
2007-12-30 15:05 . 2007-12-30 15:05 60,968 --a------ C:\Documents and Settings\Ed\GoToAssistDownloadHelper.exe
2007-12-30 14:53 . 2007-12-30 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2007-12-30 14:52 . 2007-12-30 14:52 <DIR> d-------- C:\Program Files\Citrix
2007-12-30 14:52 . 2007-12-30 14:52 60,968 --a------ C:\Documents and Settings\Administrator\GoToAssistDownloadHelper.exe
2007-12-30 13:32 . 2007-12-30 13:32 76,576 --a------ C:\WINDOWS\SYSTEM32\GDIPFONTCACHEV1.DAT
2007-12-30 13:12 . 2006-02-28 07:00 214,528 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\wordpad.exe
2007-12-30 13:12 . 2006-02-28 07:00 113,222 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\zoneclim.dll
2007-12-30 13:12 . 2006-02-28 07:00 41,029 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\zcorem.dll
2007-12-30 13:12 . 2006-02-28 07:00 36,937 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\zclientm.exe
2007-12-30 13:12 . 2006-02-28 07:00 29,760 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\znetm.dll
2007-12-30 13:12 . 2006-02-28 07:00 28,288 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\xjis.nls
2007-12-30 13:12 . 2006-02-28 07:00 13,894 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\zonelibm.dll
2007-12-30 13:12 . 2006-02-28 07:00 5,632 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\write.exe
2007-12-30 13:12 . 2006-02-28 07:00 4,677 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\zeeverm.dll
2007-12-30 13:10 . 2006-02-28 07:00 1,875,968 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\msir3jp.lex
2007-12-30 13:09 . 2006-02-28 07:00 10,129,408 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\hwxkor.dll
2007-12-30 13:08 . 2006-02-28 07:00 13,463,552 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
2007-12-30 13:07 . 2006-02-28 07:00 1,817,687 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\bckgres.dll
2007-12-30 13:06 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\fp4awel.dll
2007-12-30 13:03 . 2007-12-30 13:03 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2007-12-30 13:03 . 2007-12-30 13:03 749 -rah----- C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
2007-12-30 13:03 . 2007-12-30 13:03 749 -rah----- C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
2007-12-30 13:03 . 2007-12-30 13:03 749 -rah----- C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
2007-12-30 13:03 . 2007-12-30 13:03 488 -rah----- C:\WINDOWS\SYSTEM32\logonui.exe.manifest
2007-12-30 13:02 . 2006-02-28 07:00 32,768 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\mnmsrvc.exe
2007-12-30 13:00 . 2006-02-28 07:00 140,800 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\sessmgr.exe
2007-12-30 13:00 . 2006-02-28 07:00 126,464 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\wmiapsrv.exe
2007-12-30 13:00 . 2006-02-28 07:00 6,144 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\msdtc.exe
2007-12-30 12:54 . 2006-02-28 07:00 168,806 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\startoc.cat
2007-12-30 12:54 . 2006-02-28 07:00 24,661 --a------ C:\WINDOWS\SYSTEM32\spxcoins.dll
2007-12-30 12:54 . 2006-02-28 07:00 24,661 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\spxcoins.dll
2007-12-30 12:54 . 2006-02-28 07:00 24,209 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\msn7.cat
2007-12-30 12:54 . 2006-02-28 07:00 14,573 -ra------ C:\WINDOWS\SET89.tmp
2007-12-30 12:54 . 2006-02-28 07:00 13,312 --a------ C:\WINDOWS\SYSTEM32\irclass.dll
2007-12-30 12:54 . 2006-02-28 07:00 13,312 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\irclass.dll
2007-12-30 12:54 . 2006-02-28 07:00 11,651 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\msn9.cat
2007-12-30 12:54 . 2006-02-28 07:00 7,382 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\OEMBIOS.CAT
2007-12-30 11:07 . 2007-12-30 11:07 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-30 10:38 . 2007-12-30 10:38 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-30 10:38 . 2007-12-30 10:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-30 10:37 . 2007-12-30 10:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-30 07:40 . 2008-01-05 01:32 0 --a------ C:\WINDOWS\MEMORY.DMP
2007-12-30 00:15 . 2007-12-30 00:15 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-29 23:23 . 2007-12-29 23:59 <DIR> d-------- C:\Documents and Settings\Ed\Application Data\SUPERAntiSpyware.com
2007-12-29 23:23 . 2007-12-29 23:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-29 19:12 . 2007-12-31 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-29 18:59 . 2007-12-29 18:59 230 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.inf
2007-12-29 17:04 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2007-12-29 17:00 . 2007-12-29 17:00 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-29 16:14 . 2007-12-29 16:14 <DIR> d-------- C:\Program Files\Broadcom
2007-12-29 16:12 . 2003-03-17 22:03 966,656 --a------ C:\WINDOWS\SYSTEM32\W70MLRES.DLL
2007-12-29 16:10 . 1999-05-07 13:24 645,616 --a------ C:\WINDOWS\SYSTEM32\MSCOMCT2.OCX
2007-12-29 16:10 . 2000-03-23 12:50 446,464 -ra------ C:\WINDOWS\SYSTEM32\hhactivex.dll
2007-12-29 16:10 . 1999-05-07 13:24 414,944 --a------ C:\WINDOWS\SYSTEM32\COMCT332.OCX
2007-12-29 16:10 . 1998-11-10 10:46 328,480 --a------ C:\WINDOWS\SYSTEM32\ssa3d30.ocx
2007-12-29 16:10 . 2002-01-08 17:00 176,128 --a------ C:\WINDOWS\SYSTEM32\RcdScan.dll
2007-12-29 16:10 . 1998-06-17 23:00 89,360 --a------ C:\WINDOWS\SYSTEM32\VB5DB.DLL
2007-12-29 15:26 . 2007-12-29 15:26 <DIR> d-------- C:\Program Files\Uniblue
2007-12-29 15:26 . 2007-12-29 15:26 <DIR> d-------- C:\Documents and Settings\Ed\Application Data\Uniblue
2007-12-29 15:26 . 2007-12-29 15:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2007-12-29 13:24 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2007-12-29 13:24 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2007-12-29 13:24 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe
2007-12-29 13:24 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2007-12-29 13:24 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2007-12-29 13:24 . 2007-12-29 20:24 1,450 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-12-29 11:04 . 2006-02-28 07:00 221,184 --a------ C:\WINDOWS\SYSTEM32\wmpns.dll
2007-12-29 10:49 . 2006-02-28 07:00 1,086,058 -ra------ C:\WINDOWS\SET47.tmp
2007-12-29 10:49 . 2006-02-28 07:00 14,573 -ra------ C:\WINDOWS\SET80.tmp
2007-12-29 10:49 . 2006-02-28 07:00 13,753 -ra------ C:\WINDOWS\SET53.tmp
2007-12-29 10:49 . 2006-02-28 07:00 7,334 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\wmerrenu.cat
2007-12-29 10:48 . 2006-02-28 07:00 1,042,903 -ra------ C:\WINDOWS\SET46.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 23:12 --------- d-----w C:\Program Files\Intel
2007-12-31 18:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-31 18:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-31 17:20 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-31 17:20 60,800 ----a-w C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2007-12-31 17:20 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-31 17:20 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-31 03:53 --------- d-----w C:\Program Files\Common Files\aolshare
2007-12-31 03:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-31 00:22 --------- d-----w C:\Program Files\AIM
2007-12-29 21:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-29 12:20 --------- d-----w C:\Program Files\Apoint
2007-12-29 06:16 --------- d-----w C:\Program Files\AWS
2007-12-29 06:16 --------- d-----w C:\Documents and Settings\Ed\Application Data\Rex-Services
2007-12-27 20:05 --------- d-----w C:\Documents and Settings\Ed\Application Data\Symantec
2007-12-27 16:38 --------- d-----w C:\Program Files\QuickTime
2007-12-25 19:10 --------- d-----w C:\Documents and Settings\Ed\Application Data\U3
2007-12-10 16:23 --------- d-----w C:\Documents and Settings\Ed\Application Data\MSN6
2007-12-01 04:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 04:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 04:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-25 03:37 --------- d-----w C:\Program Files\Tribeca Labs
2007-11-12 23:50 --------- d-----w C:\Documents and Settings\Ed\Application Data\Move Networks
2007-11-10 22:39 76,576 ----a-w C:\Documents and Settings\Ed\Application Data\GDIPFONTCACHEV1.DAT
2005-03-10 17:28 0 ----a-w C:\Documents and Settings\Ed\Upgrade.exe
2004-12-22 00:10 0 -csha-r C:\WINDOWS\SYSTEM\wmscrop.exe
.

((((((((((((((((((((((((((((( snapshot@2008-01-04_16.16.36.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-01-18 05:27:00 345,512 ----a-w C:\WINDOWS\Downloaded Program Files\MSDcode.dll
+ 2008-01-04 23:13:00 40,960 ----a-r C:\WINDOWS\Installer\{74C9DFA1-338F-4bf3-B317-99A9EC8EF9A6}\PROSet.56285FC4_11A9_11D6_8473_00902745D287.exe
- 2003-06-20 11:56:06 184,320 ----a-w C:\WINDOWS\SYSTEM32\1XConfig.exe
+ 2006-08-03 08:14:14 389,186 ----a-w C:\WINDOWS\SYSTEM32\1XConfig.exe
- 2003-06-20 12:09:04 450,560 ----a-w C:\WINDOWS\SYSTEM32\AdHocWiz.exe
+ 2006-08-03 08:23:12 450,560 ----a-w C:\WINDOWS\SYSTEM32\AdHocWiz.exe
- 2003-06-20 12:00:50 204,800 ----a-w C:\WINDOWS\SYSTEM32\C1XStngs.dll
+ 2006-08-03 08:15:16 528,453 ----a-w C:\WINDOWS\SYSTEM32\C1XStngs.dll
+ 2006-08-03 08:14:18 69,632 ----a-w C:\WINDOWS\SYSTEM32\D8021Xps.dll
- 2003-06-20 11:54:04 10,970 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\s24trans.sys
+ 2006-08-03 18:11:32 10,970 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\s24trans.sys
- 2003-06-11 10:06:44 2,477,952 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\w70n51.sys
+ 2003-06-11 11:06:44 2,477,952 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\w70n51.sys
- 2003-07-31 14:17:16 417,792 ----a-w C:\WINDOWS\SYSTEM32\IntelAE5.dll
+ 2005-07-05 05:55:26 1,396,841 ----a-w C:\WINDOWS\SYSTEM32\IntelAE5.dll
- 2003-06-20 12:03:28 110,592 ----a-w C:\WINDOWS\SYSTEM32\LgNotify.dll
+ 2006-08-03 08:20:40 188,482 ----a-w C:\WINDOWS\SYSTEM32\LgNotify.dll
- 2002-12-04 15:57:00 651,264 ----a-w C:\WINDOWS\SYSTEM32\libeay32.dll
+ 2005-01-13 08:00:10 651,264 ----a-w C:\WINDOWS\SYSTEM32\libeay32.dll
+ 2006-08-03 08:24:08 45,124 ----a-w C:\WINDOWS\SYSTEM32\LsaWrApi.dll
- 2003-06-20 11:55:00 217,088 ----a-w C:\WINDOWS\SYSTEM32\PfMgrApi.dll
+ 2006-08-03 08:15:50 327,748 ----a-w C:\WINDOWS\SYSTEM32\PfMgrApi.dll
+ 2006-08-03 08:24:58 20,480 ----a-w C:\WINDOWS\SYSTEM32\PfMgrTool.exe
- 2003-06-20 12:03:22 389,120 ----a-w C:\WINDOWS\SYSTEM32\PfWizard.exe
+ 2006-08-03 08:20:36 430,080 ----a-w C:\WINDOWS\SYSTEM32\PfWizard.exe
- 2003-06-20 12:09:38 192,512 ----a-w C:\WINDOWS\SYSTEM32\Pn802_11.dll
+ 2006-08-03 08:23:32 217,152 ----a-w C:\WINDOWS\SYSTEM32\Pn802_11.dll
- 2003-06-20 11:59:58 794,624 ----a-w C:\WINDOWS\SYSTEM32\PsGuiMgr.dll
+ 2006-08-03 08:18:54 942,147 ----a-w C:\WINDOWS\SYSTEM32\PsGuiMgr.dll
- 2003-06-20 11:54:30 167,936 ----a-w C:\WINDOWS\SYSTEM32\PsRegApi.dll
+ 2006-08-03 08:13:38 172,032 ----a-w C:\WINDOWS\SYSTEM32\PsRegApi.dll
+ 2006-08-03 08:13:32 122,880 ----a-w C:\WINDOWS\SYSTEM32\RegSrvc.exe
+ 2003-03-18 03:01:22 966,656 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0014\DriverFiles\W20MLRes.dll
+ 2008-01-04 22:40:31 409,667 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0014\DriverFiles\W20NCPA.dll
+ 2008-01-04 22:40:32 674,560 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0014\DriverFiles\w70n51.sys
+ 2003-11-03 12:55:00 32,768 ----a-r C:\WINDOWS\SYSTEM32\ReinstallBackups\0014\DriverFiles\w70n5msg.dll
+ 2006-08-03 08:16:08 426,051 ----a-w C:\WINDOWS\SYSTEM32\S24EvMon.exe
- 2003-06-20 11:55:28 69,632 ----a-w C:\WINDOWS\SYSTEM32\S24MUDLL.DLL
+ 2006-08-03 08:16:12 81,920 ----a-w C:\WINDOWS\SYSTEM32\S24MUDLL.DLL
- 2002-12-15 06:43:40 30,938 ----a-w C:\WINDOWS\SYSTEM32\s24NCfg.dll
+ 2004-02-22 19:34:00 30,938 ----a-w C:\WINDOWS\SYSTEM32\s24NCfg.dll
- 2003-06-20 12:10:16 192,512 ----a-w C:\WINDOWS\SYSTEM32\SbrngAPI.dll
+ 2006-08-03 08:24:06 262,144 ----a-w C:\WINDOWS\SYSTEM32\SbrngAPI.dll
- 2003-06-20 11:55:06 49,152 ----a-w C:\WINDOWS\SYSTEM32\SbrngSvc.exe
+ 2006-08-03 08:15:56 49,152 ----a-w C:\WINDOWS\SYSTEM32\SbrngSvc.exe
+ 2006-08-03 08:16:54 139,264 ----a-w C:\WINDOWS\SYSTEM32\ShellNav.dll
- 2002-12-15 06:43:40 53,248 ----a-w C:\WINDOWS\SYSTEM32\SMSUnins.dll
+ 2004-02-22 19:35:00 65,536 ----a-w C:\WINDOWS\SYSTEM32\SMSUnins.dll
- 2002-12-04 15:57:00 147,456 ----a-w C:\WINDOWS\SYSTEM32\ssleay32.dll
+ 2005-01-13 08:00:14 147,456 ----a-w C:\WINDOWS\SYSTEM32\ssleay32.dll
- 2003-01-20 21:01:00 78,096 ----a-w C:\WINDOWS\SYSTEM32\TPIDI32.dll
+ 2004-02-22 19:35:00 78,096 ----a-w C:\WINDOWS\SYSTEM32\TPIDI32.dll
- 2003-01-20 21:01:00 142,256 ----a-w C:\WINDOWS\SYSTEM32\TPIDITST.exe
+ 2004-02-22 19:35:00 142,256 ----a-w C:\WINDOWS\SYSTEM32\TPIDITST.exe
- 2003-01-19 21:49:12 32,768 ----a-w C:\WINDOWS\SYSTEM32\w70n5msg.dll
+ 2003-01-19 22:49:12 32,768 ----a-w C:\WINDOWS\SYSTEM32\w70n5msg.dll
- 2003-06-20 11:56:40 475,136 ----a-w C:\WINDOWS\SYSTEM32\WConfig.dll
+ 2006-08-03 08:16:46 532,567 ----a-w C:\WINDOWS\SYSTEM32\WConfig.dll
- 2003-06-20 11:55:40 110,592 ----a-w C:\WINDOWS\SYSTEM32\WiFiAdap.dll
+ 2006-08-03 08:16:20 110,592 ----a-w C:\WINDOWS\SYSTEM32\WiFiAdap.dll
- 2003-06-20 12:01:48 258,048 ----a-w C:\WINDOWS\SYSTEM32\WLANDLL.dll
+ 2006-08-03 08:19:42 253,952 ----a-w C:\WINDOWS\SYSTEM32\WLANDLL.dll
- 2003-06-20 12:01:12 356,352 ----a-w C:\WINDOWS\SYSTEM32\ZCfgSvc.exe
+ 2006-08-03 08:19:18 639,040 ----a-w C:\WINDOWS\SYSTEM32\ZCfgSvc.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2007-12-28 23:07 1591808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-12-28 21:58 2778112]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"ZCfgSvc.exe"="C:\WINDOWS\system32\ZCfgSvc.exe" [2006-08-03 03:19 639040]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2005-07-07 06:08 135168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2006-02-28 07:00 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll 2007-12-30 14:52 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\system32\LgNotify.dll 2006-08-03 03:20 188482 C:\WINDOWS\SYSTEM32\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uae48.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^.protected]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\.protected
backup=C:\WINDOWS\pss\.protectedStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^.protected]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.protected
backup=C:\WINDOWS\pss\.protectedCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^winlogin.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogin.exe
backup=C:\WINDOWS\pss\winlogin.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ed^Start Menu^Programs^Startup^.protected]
path=C:\Documents and Settings\Ed\Start Menu\Programs\Startup\.protected
backup=C:\WINDOWS\pss\.protectedStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ed^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\Ed\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ed^Start Menu^Programs^Startup^Photobot.lnk]
path=C:\Documents and Settings\Ed\Start Menu\Programs\Startup\Photobot.lnk
backup=C:\WINDOWS\pss\Photobot.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UPS"=3 (0x3)
"Symantec Core LC"=3 (0x3)
"sp_rssrv"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"LiveUpdate"=3 (0x3)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"comHost"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"CCALib8"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"aspnet_state"=3 (0x3)
"aawservice"=2 (0x2)
"a2free"=2 (0x2)
"WANMiniportService"=2 (0x2)
"RasMan"=3 (0x3)
"ImapiService"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)

S1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2007-12-29 01:55]
S2 init_3b0c-6b44;init_3b0c-6b44;C:\WINDOWS\System32\init_3b0c-6b44.sys []
S3 EraserUtilDrv10621;EraserUtilDrv10621;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10621.sys []
S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service []
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys [2002-11-08 14:13]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-30 00:06:26 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-12-29 20:49:02 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 01:40:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-05 1:41:06
ComboFix-quarantined-files.txt 2008-01-05 06:40:40
ComboFix2.txt 2008-01-04 21:17:35
.
2008-01-05 00:41:53 --- E O F ---



And now a Hijackthis So this one is in safe mode and I can get a normal one once we get back into normal windows






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:51:13 AM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://body1.spfldcol.edu/dwa7W.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\WINDOWS\TEMP\157967.exe (file missing)
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: COMSysApp - Unknown owner - C:\WINDOWS\TEMP\158557.exe (file missing)
O23 - Service: dmserver - Unknown owner - C:\WINDOWS\TEMP\137738.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: HTTPFilter - Unknown owner - C:\WINDOWS\TEMP\183173.exe (file missing)
O23 - Service: lanmanserver - Unknown owner - C:\WINDOWS\TEMP\130377.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RDSessMgr - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: RSVP - Unknown owner - C:\WINDOWS\system32\rsvp.exe (file missing)
O23 - Service: S24EventMonitor - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Smart Card Helper (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Spooler - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: sp_rssrv - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
O23 - Service: VSS - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WmiApSrv - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 5633 bytes

Ok well I tried to system restore it only let me take it back a day and that still wouldnt let me boot it up in normal mode so I thought it may have had something to do with updating the wireless cards drivers so I rolled them back and now Im in normal mode so ill get you a new hijackthis log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:57 PM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://body1.spfldcol.edu/dwa7W.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\WINDOWS\TEMP\157967.exe (file missing)
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: COMSysApp - Unknown owner - C:\WINDOWS\TEMP\158557.exe (file missing)
O23 - Service: dmserver - Unknown owner - C:\WINDOWS\TEMP\137738.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: HTTPFilter - Unknown owner - C:\WINDOWS\TEMP\183173.exe (file missing)
O23 - Service: lanmanserver - Unknown owner - C:\WINDOWS\TEMP\130377.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RDSessMgr - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: RSVP - Unknown owner - C:\WINDOWS\system32\rsvp.exe (file missing)
O23 - Service: S24EventMonitor - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Smart Card Helper (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Spooler - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: sp_rssrv - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
O23 - Service: VSS - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WmiApSrv - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 6126 bytes

Are you still having problems? I don't see anything in those logs now.

It seems fine but Avg and some other still pick somethings up.

Have you updated AVG and ran it in safe mode? What and where are these 'things?'

Viruses, Malware, worms.... Here is something that EMCO Malware Destroyer is picking up witch if I remember we should have had deleted already

Quarantine EDWARD NMC.DOWNLOADER.HARNIG TROJAN

Quarantine EDWARD NMC.DOWNLOADER.LUNII TROJAN

Quarantine EDWARD NMC.HARNIG WORM

Detailed Info

[EXISTS_REGKEYVALUE_HKLM]=\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[VALUE]=Wintime
[EXISTS_REGKEY_HKCR]=\CLSID\{0A323FA1-38DE-44EC-B2FA-4002183C143E}
[EXISTS_FILE]=%winsys%\wintime.exe
[EXISTS_FILE]=%winsys%\secure32.txt
[EXISTS_FILE]=%win%\seksdialer.exe


Dont know if this helps but Ill say the files ar NOT being deleted

[HKLM_KEY_VALUE]=\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[VALUE]=Wintime
[HKCR_KEY]=\CLSID\{0A323FA1-38DE-44EC-B2FA-4002183C143E}
[HKLM_KEY_VALUE]=\SOFTWARE\Microsoft\Windows\CurrentVersion[VALUE]=ShellServiceObjectDelayLoadSystem
[FILE_DEL]=%winsys%\secure32.txt
[FILE_DEL]=%win%\system.exe
[FILE_DEL]=%winsys%\system32.dll
[FILE_DEL]=%win%\desktop.exe
[FILE_DEL]=%win%\toolbar.exe
[FILE_DEL]=%win%\mstasks1.exe
[FILE_DEL]=%win%\mstasks2.exe
[FILE_DEL]=%win%\seksdialer.exe
[FILE_DEL]=%winsys%\wintime.exe
[FILE_DEL]=%winsys%\dkdial.exe
[FILE_DEL]=%winsys%\dial32.exe
[FILE_DEL]=%win%\Web\desktop.html

See if you can track down the files and manually delete them. I see some there that were definitely deleted by combofix.
I know nothing about the EMCO program you have and as such, do not know if it is giving any false positives.